I am investigating integration with OKTA for Tableau Desktop/Server -> Amazon Athena. Desktop is a weird case. Google has some recommendations for OAuth2 redirect for an installed application, which I think also would apply to OKTA. https://developers.google.com/identity/protocols/OAuth2InstalledApp
Their recommendations are:
Option 1: Custom URI scheme (Android, iOS, UWP)
Option 2: Loopback IP address (macOS, Linux, Windows desktop)
For our use case Option 1 isn't enough. We need OSX and Windows support. So we need to use Option 2. However, Option 2 would use a dynamic port.
So my question is what your recommendations are for the redirect URI? Can it contain wildcards for the port? Do you support installed applications?
Hello Jade, Emilian here with Okta's Customer Support Team, thank you for reaching out to us. I have checked and it appears that, unfortunately, using wildcards in redirect_uri is not supported. However, I was able to find the following idea submitted by another member of the community: https://support.okta.com/help/ideas/viewIdea.apexp?id=0872A000000bpFcQAI
The Okta developer site does provide some documentation on OpenID/OAuth applications. Please take a look at the following documentation; you can also find a section for redirect_uri.
More specifically, the OAuth 2.0 for Native Apps RFC (https://tools.ietf.org/html/draft-ietf-oauth-native-apps-12), in section 7.3, specifically calls out that "The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request."
Please consider adding support for this functionality (limited to applications explicitly registered as "Native" of course).
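The loopback redirect discussed in this thread, as an added example that is not code from Okta or from any of the posters: the native client asks the OS for an ephemeral port and builds its redirect_uri and PKCE-protected authorization request from it, and `redirect_uri_matches` shows the server-side comparison that RFC 8252 (the published form of the draft cited above) section 7.3 calls for, where a registered loopback redirect URI matches any port but everything else must match exactly. The authorize endpoint and client_id are placeholders.

```python
import base64
import hashlib
import secrets
import socket
from urllib.parse import urlencode, urlsplit

# urlsplit() strips the brackets from "[::1]", so compare on the bare address.
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def pick_ephemeral_port() -> int:
    """Ask the OS for a free TCP port on the IPv4 loopback interface (port 0 = any)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, S256 code_challenge) per RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(authorize_endpoint: str, client_id: str, port: int,
                        state: str, code_challenge: str) -> str:
    """Authorization request for a native app using a loopback redirect URI.
    authorize_endpoint is a placeholder; use the one from your Okta org's metadata."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": f"http://127.0.0.1:{port}/callback",
        "scope": "openid profile",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def redirect_uri_matches(registered: str, requested: str) -> bool:
    """Authorization-server check per RFC 8252 section 7.3: for a registered
    http loopback URI the port is ignored but scheme, host, path and query must
    still match; any other URI must match the registration exactly."""
    reg, req = urlsplit(registered), urlsplit(requested)
    if reg.scheme == "http" and reg.hostname in LOOPBACK_HOSTS:
        return (req.scheme == "http" and req.hostname == reg.hostname
                and req.path == reg.path and req.query == reg.query)
    return registered == requested
```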