Redirect URIs - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

Wildcards in redirect URIs

You can choose to allow a wildcard in the Redirect URI. Rather than entering an exact URI, you can use a wildcard to include multiple paths using one entry. Use wildcards in the path and query portions of the URI, that is, the portion of the URI after the authority. Only one wildcard is allowed per URI. The * operator is the only supported wildcard. For more information, see Editing an application.

An example path showing a wildcard in the redirect URI

Example

An application is configured with a Redirect URI entry of:

https://www.example.com/th*/callback

redirect_uri value in the authorization request	Result
`https://www.example.com/this/callback`	PingOne accepts the provided redirect_uri value because `this` matches the `th*` pattern.
`https://www.example.com/that/callback`	PingOne accepts the provided redirect_uri value because `that` matches the `th*` pattern.
`https://www.example.com/oidc/callback`	PingOne rejects the provided redirect_uri value because `oidc` does not match the `th*` pattern. PingOne returns `Redirect URI mismatch` to the application.

Note:

For security reasons, we recommend that you use a hardcoded URL (exact match), but the wildcard option can give you flexibility if you need it.

Loopback IP redirect URIs

PingOne supports any valid port for loopback IP redirect URIs. Native applications that can open a port on the loopback network interface without needing special permissions can use the loopback interface to receive the OAuth redirect.

To use a loopback URI, specify the Authority URL as a loopback IP address or localhost, and the port that the client is listening on. The Scheme must be HTTP or HTTPS. For more information, see Loopback Interface Redirection in the OAuth 2.0 for Native Apps RFC.

Example 1

An application is configured with a Redirect URI entry of:

http://127.0.0.1/cb

redirect_uri value in the authorization request	Result
`http://127.0.0.1/cb`	PingOne accepts the provided redirect_uri value because it is an exact match.
`http://127.0.0.1:8080/cb`	PingOne accepts the provided redirect_uri value because port 8080 is a valid port.
`http://127.0.0.1:80/cb`	PingOne accepts the provided redirect_uri value because port 80 is a valid port.
`https://127.0.0.1/cb`	PingOne rejects the provided redirect_uri value because `https://` does not match the expected scheme of `http:/`. PingOne returns `Redirect URI mismatch` to the application.

Example 2

An application is configured with a Redirect URI entry of:

http://127.0.0.1:8080/cb

redirect_uri value in the authorization request	Result
`http://127.0.0.1:8080/cb`	PingOne accepts the provided redirect_uri value because it is an exact match.
`http://127.0.0.1:9080/cb`	PingOne rejects the provided redirect_uri value because port 9080 does not match the expected port 8080. PingOne returns `Redirect URI mismatch` to the application.
`http://127.0.0.1:80/cb`	PingOne rejects the provided redirect_uri value because port 80 does not match the expected port 8080. PingOne returns `Redirect URI mismatch` to the application.