Merge pull request #4980 from mpmadhavig/wildcard-urls

Update redirect url definition for wildcard url allowed app types

en/identity-server/7.0.0/docs/guides/applications/register-standard-based-app.md

@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)

en/identity-server/next/docs/guides/applications/register-standard-based-app.md

@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)

en/includes/guides/applications/register-mobile-app.md

@@ -29,7 +29,7 @@ To register the app:
         </tr>
         <tr>
             <td>Authorized redirect URLs</td>
-            <td>The URL to which the authorization code is sent to upon user authentication and where the user is redirected to upon logout.</td>
+            <td>The URL to which the authorization code is sent to upon user authentication and where the user is redirected to upon logout. If wildcard support is necessary, ensure it is limited to well-defined patterns and implemented securely to meet your specific requirements.</td>
         </tr>
         <tr>
             <td>Allow sharing with organizations</td>

en/includes/guides/applications/register-standard-based-app.md

@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)