Are wildcards allowed in IdentityServer Client Redirect Urls

Question

I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser based client. I know these can be stored in the DB, but is there any way to insert wildcards here?

Each of our customers receive their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible.

Answer 1

You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.

1. Redirect Uri Validator Interface
2. How to register your custom validator
3. Discussion about redirect uri

Identity Server4

I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.

1. Add Custom services
2. Related Discussion

Answer 2

For IdentityServer4, you can implement your own IRedirectUriValidator and register it using the AddRedirectUriValidator extension method in Startup.cs.

services.AddIdentityServer(options =>
    {
        // ...
    })
    .AddRedirectUriValidator<CustomRedirectUriValidator>();

By default, the StrictRedirectUriValidator is registered but can be overridden by calling .AddRedirectUriValidator as shown above.