Parameterized redirect_uri value?


Background (prior to asking the questions)

In regards to:

We are considering the scenario when a Netlify OAuth2 app will require many different possible redirect_uri endpoints. Many distributed app servers could host the implementation.


Question 1: When acquiring a token, is the redirect_uri parameterizable or flexible in any way? Can we add multiple redirect_uri endpoints, use globs for pattern matching, or maybe dynamically define the redirect_uri at authorization time? (The latter, or all, might introduce security risks. Asking to confirm, nonetheless.)

Question 2: If the redirect_uri is locked to a single URI then one thought is to create a single endpoint that will proxy the call using the state value. Is this a viable option?

Question 3: In the UI it appears that we can define a Netlify OAuth2 App. (I don’t see this option in the swagger file.) Meaning, we can create/set the Application Name and Redirect URI via the API. Is this a valid scenario? Or, would this scenario require authorization before this action can be done programmatically?


Thank you for your time!
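Added example, not part of the original post and not Netlify's code: one way the single-endpoint idea from Question 2 could carry the final destination in `state`, with the value signed and checked against an allowlist so the shared endpoint cannot be used as an open redirector. The key, the allowlisted hosts, the lifetime and all function names are assumptions made for illustration; how the response is then handed to the app server depends on the grant type and is not shown.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlsplit

# Assumed values, constructed for this example.
STATE_KEY = secrets.token_bytes(32)          # secret held only by the shared endpoint
ALLOWED_ORIGINS = {"https://app1.example.com", "https://app2.example.com"}
MAX_AGE = 600                                # seconds a state value stays valid

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"  # netloc keeps any userinfo, so "a@b" tricks fail the match

def make_state(return_to: str, now=None) -> str:
    """Build the state sent with the authorization request."""
    if origin_of(return_to) not in ALLOWED_ORIGINS:
        raise ValueError("return_to is not an allowlisted app server")
    issued = int(time.time() if now is None else now)
    body = json.dumps({"r": return_to, "t": issued,
                       "n": secrets.token_hex(8)}).encode()  # nonce makes each state unique
    tag = hmac.new(STATE_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def verify_state(state: str, now=None):
    """Run at the single registered redirect_uri; returns the destination or None."""
    try:
        body_b64, tag_b64 = state.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except (ValueError, AttributeError):
        return None                           # malformed or missing state
    expected = hmac.new(STATE_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                           # tampered with or not issued by us
    claims = json.loads(body)
    age = int(time.time() if now is None else now) - claims["t"]
    if not 0 <= age <= MAX_AGE:
        return None                           # expired or dated in the future
    if origin_of(claims["r"]) not in ALLOWED_ORIGINS:
        return None                           # allowlist re-checked at callback time
    return claims["r"]
```
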

@luke @perry

As I mentioned over here --> “Any usage documentation for the OAuth API endpoints?”, we’re bringing this to our backend team and will respond when we know more 🙂

Thanks, @jen. After looking over the OAuth 2.0 standard, it’s likely that parameterization of the redirect URI is not a valid option. Will look for confirmation, nonetheless. Regards.
