A redirect URI is the address to which PingOne forwards the OIDC response after authentication. For flexibility in configuring the redirect URI, you can use wildcards and loopback IP redirects.
Wildcards in redirect URIs
You can choose to allow a wildcard in the Redirect URI. Rather than entering an exact URI, you
can use a wildcard to include multiple paths using one entry. Use wildcards in the
path and query portions of the URI, that is, the portion of the URI after the
authority. Only one wildcard is allowed per URI. The *
operator is
the only supported wildcard. For more information, see Editing an application.
Example
https://www.example.com/th*/callback
redirect_uri value in the authorization request |
Result |
---|---|
|
PingOne
accepts the provided redirect_uri value
because |
|
PingOne
accepts the provided redirect_uri value
because |
|
PingOne
rejects the provided redirect_uri value
because |
For security reasons, we recommend that you use a hardcoded URL (exact match), but the wildcard option can give you flexibility if you need it.
Loopback IP redirect URIs
PingOne supports any valid port for loopback IP redirect URIs. Native applications that can open a port on the loopback network interface without needing special permissions can use the loopback interface to receive the OAuth redirect.
To use a loopback URI, specify the Authority URL as a loopback IP address or
localhost
, and the port that the client is listening on. The
Scheme must be HTTP or HTTPS. For more information, see Loopback Interface Redirection in the OAuth 2.0
for Native Apps RFC.
Example 1
http://127.0.0.1/cb
redirect_uri value in the authorization request |
Result |
---|---|
|
PingOne accepts the provided redirect_uri value because it is an exact match. |
|
PingOne accepts the provided redirect_uri value because port 8080 is a valid port. |
|
PingOne accepts the provided redirect_uri value because port 80 is a valid port. |
|
PingOne
rejects the provided redirect_uri value
because |
Example 2
http://127.0.0.1:8080/cb
redirect_uri value in the authorization request | Result |
---|---|
|
PingOne accepts the provided redirect_uri value because it is an exact match. |
|
PingOne
rejects the provided redirect_uri value
because port 9080 does not match the expected port 8080.
PingOne returns |
|
PingOne
rejects the provided redirect_uri value
because port 80 does not match the expected port 8080.
PingOne returns |