Okta Classic Engine | Authentication | Answered | Posted 2022-10-14, last updated 2023-04-25

TomM.97836 (Customer) asked a question.

How do we control post auth / registration redirects for customers using OIDC

We are using OIDC with the redirect method to connect to a number of applications, including several configured as SPAs. In the middle of the project I noticed an issue: we are unable to whitelist our entire site as a redirect_uri for our application. I believe that using OIDC, the JS SDK and the redirect method, we aren't able to direct the user flow back to the page the user is on when they press login. I was expecting to be able to initiate a login or registration flow from any URL within my application, and then the IdP would send the user back to that URL. That seems to be impossible with the restrictions on using wildcards in the redirect_uri path configuration. Although seemingly I could just whitelist the entire site one URL at a time ...


I believe I understand that the expectation here is that I send the user back to a single page like /authorize, which is meant to then route the customer back to the page they were on. And it's possible that I'm supposed to use the "state" to pass values back and forth from the login page.


  1. If I'm meant to use a single redirect URI for my entire application, is there a generally accepted way of getting the user back to the page they were on? Using OIDC state or some similar method? I found almost nothing in the Okta documentation about using the OIDC state; it just mentions its use to prevent CSRF attacks.
  2. How does this relate to registration? We use the Okta-hosted sign-in widget, including registration. Do we have the ability to get the user back to the page that initiated the login or registration? Right now the email activation sends us back to a single page, which I would think to be a problem for any customer-facing implementation.

This question is closed.