Standard based app wildcard redirect uri.

wso2 · Jan 22, 2025 · 8b55c06 · 8b55c06
1 parent 19e2ff6
commit 8b55c06
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 0 deletions.
diff --git a/en/identity-server/7.0.0/docs/guides/applications/register-standard-based-app.md b/en/identity-server/7.0.0/docs/guides/applications/register-standard-based-app.md
@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)

diff --git a/en/identity-server/next/docs/guides/applications/register-standard-based-app.md b/en/identity-server/next/docs/guides/applications/register-standard-based-app.md
@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)

diff --git a/en/includes/guides/applications/register-standard-based-app.md b/en/includes/guides/applications/register-standard-based-app.md
@@ -50,6 +50,13 @@ To register an application:
             </tr>
         </table>
 
+    !!! note
+        If you are planning to enable the Authorization Code grant type for standard-based applications, please note the following when adding the authorized redirect URL. The authorized redirect URL should be defined based on the type of application you are using:
+
+        - Web-based applications: Use exact URLs or implement logic to dynamically register specific redirect URIs as needed.
+
+        - Mobile apps with deep links: Wildcard support may be acceptable, but it must be implemented securely and restricted to well-defined patterns to limit its scope.
+
 ## What's Next?
 
 - [Configuring an OIDC application]({{base_path}}/references/app-settings/oidc-settings-for-app/)