OpenID Connect - Redirect URI Skip to main content
https://support.okta.com/help/answers?criteria=openquestions&dc=okta_application_network&feedtype=single_question_detail&id=9062a000000xzrkqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jade KoskelaJade Koskela 

OpenID Connect - Redirect URI

I am investigating integration with OKTA for Tableau Desktop/Server -> Amazon Athena.
Desktop is a weird case. 
Google has some recommendations for OAuth2 redirect for a installed application, which I think also would apply to OKTA.
https://developers.google.com/identity/protocols/OAuth2InstalledApp

Their recommendations are
Option 1: Custom URI scheme (Android, iOS, UWP)
Option 2: Loopback IP address (macOS, Linux, Windows desktop)

For our use case Option 1 isn't enough. We need OSX and Windows support.
So we need to use Options 2. However options two would use a dynamic port.

So my question is what your recommendations are for the redirect URI? Can it contain wildcards for the port?
Do you support installed applications?
 
Emilian AldeaEmilian Aldea (Okta, Inc.)
Hello Jade,
 Emilian here with Okta's Customer Support Team, thank you for reaching out to us.
 I have checked and it appears as unfortunately using wildcards in redirect_uri is not supported. However, I was able to find the following idea submitted by another member of the community:
https://support.okta.com/help/ideas/viewIdea.apexp?id=0872A000000bpFcQAI

  Okta developer site does provide some documentation in openID/Oauth applicaiton.  Please take a look at the following documentation, you can also find a section for redirect_uri. 

http://developer.okta.com/docs/api/resources/oauth2.html


 Hope this helps! 
 Best Regards,

 Emilian Aldea
Technical Support Engineer
Okta Global Customer Care
Alex BeynensonAlex Beynenson
More specifically, the OAuth 2.0 for Native Apps RFC (https://tools.ietf.org/html/draft-ietf-oauth-native-apps-12), in section 7.3 speficially calls out that "The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request."

Please consider adding support for this functionality (limited to applications explicitly registered as "Native" of course).