I have an app (called Xplan) that uses OAuth authorization and it is deployed to multiple servers. Each instance of the app has its own subdomain.
There are over a thousand such subdomains, and it is not a static list. When a user on a site tries to authorize, the redirect URL will be specific to that site, something like “https://subdomain1.topdomain.com/redirect”. Adding just “https://topdomain.com” to the whitelist was enough for OAuth redirection, and it works for our test sites. But today I tried to test on our production sites and I’m getting “invalid redirect url” when a user tries to authorize the app unless I give the full domain in the whitelist. That means adding each subdomain separately, which is not feasible.
We raised this issue before for test sites and it has been fixed, but now it happens again for our production sites.
Could you help with this issue? This is impacting our app submission and release.
Thanks for reaching out, and happy to help take a closer look at this for you.
Is it possible to share a screenshot of your production default Redirect URL and Whitelist URLs with me here? In the meantime, could you also ensure that you have “https://topdomain.com” as your production redirect URL in your app in the marketplace?
If you have a chance, please also check out this thread: