I have an app which uses OAuth authorization and it is deployed to multiple servers. Each instance of the app has its own subdomain.
There are over a thousand such subdomains, and it is not a static list. When a user on a site tries to authorize, the redirect url will be specific to that site, something like “https://subdomain1.topdomain.com/redirect”. Adding just “https://topdomain.com” to the whitelist was enough for OAuth redirection, and it was working till yesterday. But now I’m getting “invalid redirect url” when a user tries to authorize the app unless I give the full domain in the whitelist. That means adding each subdomain separately which is not feasible.
For now I’ve added a few full domains to whitelist for testing, but this is impacting my ability to roll out Zoom integration with my app.
Is this a bug, or a new change in behaviour?