--- title: Redirect URIs description: Redirect URIs are the addresses to which PingOne forwards the OIDC response after authentication. component: pingone page_id: pingone:applications:p1_wildcard_redirect_uri canonical_url: https://docs.pingidentity.com/pingone/applications/p1_wildcard_redirect_uri.html revdate: May 10, 2024 section_ids: wildcards-in-redirect-uris: Wildcards in redirect URIs example: Example loopback-ip-redirect-uris: Loopback IP redirect URIs example-1: Example 1 example-2: Example 2 --- # Redirect URIs A redirect URI is the address to which PingOne forwards the OIDC response after authentication. For flexibility in configuring the redirect URI, you can use patterns and loopback IP redirects. ## Wildcards in redirect URIs You can choose to allow a wildcard in the redirect URI. Rather than entering an exact URI, you can use a wildcard to include multiple paths using one entry. You can use only one wildcard in the path and query portions of the URI, that is, the portion of the URI after the authority. Only one wildcard is allowed per URI. The `*` operator is the only supported wildcard. Learn more in [Editing an application](p1_editing_applications.html). ![An example path showing a wildcard in the redirect URI](_images/gbc1666369117257.png) | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------- | | | Fragment is not applicable because redirect URIs can't contain fragments, following the OAuth 2.0 Authorization Framework specification. | ### Example An application is configured with a **Redirect URI** entry of: ``` https://www.example.com/th*/callback ``` | redirect\_urivalue in the authorization request | Result | | ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `https://www.example.com/this/callback` | PingOne accepts the provided `redirect_uri` value because `this` matches  the `th*` pattern. | | `https://www.example.com/that/callback` | PingOne accepts the provided `redirect_uri` value because `that` matches the `th*` pattern. | | `https://www.example.com/oidc/callback` | PingOne rejects the provided `redirect_uri` value because `oidc` does not match the `th*` pattern. PingOne returns `Redirect URI mismatch` to the application. | | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------- | | | For security reasons, we recommend that you use a hardcoded URL (exact match), but the wildcard option can give you flexibility if you need it. | ## Loopback IP redirect URIs PingOne supports any valid port for loopback IP redirect URIs. Native applications that can open a port on the loopback network interface without needing special permissions can use the loopback interface to receive the OAuth redirect. To use a loopback URI, specify the **Authority** URL as a loopback IP address or `localhost`, and the port that the client is listening on. The **Scheme** must be HTTP or HTTPS. For more information, see [Loopback Interface Redirection](https://www.rfc-editor.org/rfc/rfc8252#section-7.3) in the OAuth 2.0 for Native Apps RFC. ### Example 1 An application is configured with a **Redirect URI** entry of: ``` http://127.0.0.1/cb ``` | redirect\_urivalue in the authorization request | Result | | ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `http://127.0.0.1/cb` | PingOne accepts the provided `redirect_uri` value because it is an exact match. | | `http://127.0.0.1:8080/cb` | PingOne accepts the provided `redirect_uri` value because port 8080 is a valid port. | | `http://127.0.0.1:80/cb` | PingOne accepts the provided `redirect_uri` value because port 80 is a valid port. | | `https://127.0.0.1/cb` | PingOne rejects the provided `redirect_uri` value because `https://` does not match the expected scheme of `http:/`. PingOne returns `Redirect URI mismatch` to the application. | ### Example 2 An application is configured with a **Redirect URI** entry of: ``` http://127.0.0.1:8080/cb ``` | redirect\_urivalue in the authorization request | Result | | ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `http://127.0.0.1:8080/cb` | PingOne accepts the provided `redirect_uri` value because it is an exact match. | | `http://127.0.0.1:9080/cb` | PingOne rejects the provided `redirect_uri` value because port 9080 does not match the expected port 8080. PingOne returns `Redirect URI mismatch` to the application. | | `http://127.0.0.1:80/cb` | PingOne rejects the provided `redirect_uri` value because port 80 does not match the expected port 8080. PingOne returns `Redirect URI mismatch` to the application. |