How to use a wildcard callback_url with the new callback rules

Spawtz · 2018-06-13T15:38:04.399Z

Per the recent changes to oauth requiring that the callback urls be whitelisted, our application has now broken because we were overwriting the callback url.

The problem is that the callback url is dynamic in our case - the callback url will be of the format https://{customersubdomain}.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx - ie, the subdomain part is dynamic and varies from customer to customer.

It’s not really feasible to whitelist every single customer subdomain, nor is it feasible to add new whitelisted urls as new customers come on board. So is it possible to add a wildcard setting to the whitelisted callback urls? Or if not, then what am I doing wrong here? How should we be approaching this issue?

Thanks for your help.

ProZafah · 2018-06-17T14:04:35.500Z

The same issue here. We need a solution please.

abraham · 2018-06-17T17:01:43.556Z

An approach you could use is to have a single domain that handles authenticating with Twitter and all of your sub apps delegate authentication to the authen site.

So you would register this as your callback URL in the Twitter app settings.

https://auth.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx

And then when you get a request_token you would use this as your callback URL.

https://auth.spawtz.com/SpawtzApp/ConfigSettings/TwitterCallback.aspx?customersubdomain={customersubdomain}

Spawtz · 2018-06-19T15:59:51.898Z

Thanks Abraham. I was hoping not to have to do something like that (as it’s yet another site to remember to deploy etc etc etc), but seems that’s the way it will need to go.

Thanks for your help.

LeBraat · 2018-07-05T14:23:00.260Z