<div dir="ltr">I actually share Stian&#39;s position. Using the same client credentials for a wildcard selection of domain names (I assume different apps) looks like a bad idea. When provisioning these wildcard &quot;clients&quot;, are you not able to provision them with a separate set of client credentials via the Keycloak admin API?</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 20, 2016 at 12:50 AM, Josh Cain <span dir="ltr">&lt;<a href="mailto:josh.cain@redhat.com" target="_blank">josh.cain@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Per <a rel="12650576" href="https://issues.jboss.org/browse/KEYCLOAK-3585" target="_blank">KEYCLOAK-3585:</a><p>Currently, valid redirect URI hostnames allow for wildcards at the end like so:</p>
<p>
</p><div style="border-width:1px;border-style:dashed;border-color:rgb(187,187,187);border-radius:5px;overflow:auto;max-height:30em">
<table style="font-size:1em;line-height:1.4em;font-weight:normal;font-style:normal;color:black" width="100%" border="0" cellpadding="0" cellspacing="0">
                <tbody>
                                <tr>
                                                <td style="line-height:1.4em;padding:0em;vertical-align:top">
                                        <pre style="font-size:1em;margin:10px;width:auto;padding:0px"><span style="color:black;font-family:&quot;consolas&quot;,&quot;bitstream vera sans mono&quot;,&quot;courier new&quot;,courier,monospace"><a href="http://www.redhat.com/*" target="_blank">http://www.redhat.com/*</a>
</span></pre>
                        </td>
                </tr>
                        </tbody>
</table>
</div>
<p>
</p><p>I&#39;m managing several environments where clients need &#39;n&#39; number of available redirect URIs with different hostnames, i.e.</p>
<p>
</p><div style="border-width:1px;border-style:dashed;border-color:rgb(187,187,187);border-radius:5px;overflow:auto;max-height:30em">
<table style="font-size:1em;line-height:1.4em;font-weight:normal;font-style:normal;color:black" width="100%" border="0" cellpadding="0" cellspacing="0">
                <tbody>
                                <tr>
                                                <td style="line-height:1.4em;padding:0em;vertical-align:top">
                                        <pre style="font-size:1em;margin:10px 10px 0px;width:auto;padding:0px"><span style="color:black;font-family:&quot;consolas&quot;,&quot;bitstream vera sans mono&quot;,&quot;courier new&quot;,courier,monospace"><a href="http://developer1.env.redhat.com" target="_blank">http://developer1.env.redhat.<wbr>com</a></span></pre>
                        </td>
                </tr>
                                <tr>
                                                <td style="line-height:1.4em;padding:0em;vertical-align:top">
                                        <pre style="font-size:1em;margin:0px 10px;width:auto;padding:0px"><span style="color:black;font-family:&quot;consolas&quot;,&quot;bitstream vera sans mono&quot;,&quot;courier new&quot;,courier,monospace"><a href="http://developer2.env.redhat.com" target="_blank">http://developer2.env.redhat.<wbr>com</a></span></pre>
                        </td>
                </tr>
                                <tr>
                                                <td style="line-height:1.4em;padding:0em;vertical-align:top">
                                        <pre style="font-size:1em;margin:0px 10px 10px;width:auto;padding:0px"><span style="color:black;font-family:&quot;consolas&quot;,&quot;bitstream vera sans mono&quot;,&quot;courier new&quot;,courier,monospace"><a href="http://developer3.env.redhat.com" target="_blank">http://developer3.env.redhat.<wbr>com</a>
</span></pre>
                        </td>
                </tr>
                        </tbody>
</table>
</div>
<p>
</p><p>Would really help to have the ability to wildcard hostnames too, i.e.:</p>
                                        <pre style="font-size:1em;margin:10px;width:auto;padding:0px"><span style="color:black;font-family:&quot;consolas&quot;,&quot;bitstream vera sans mono&quot;,&quot;courier new&quot;,courier,monospace">http://*.<a href="http://env.redhat.com" target="_blank">env.redhat.com</a>
</span></pre><br><div>I&#39;ve submitted <a href="https://github.com/keycloak/keycloak/pull/3241" target="_blank">#3241</a> to address this issue, but there seem to be some concerns about allowing wildcards in other parts of the URL.  See the PR for a more fleshed out discussion, but wanted to start a thread here on the mailing list.  Particularly with respect to:<br><ul><li>Does anyone have need of this feature or would find it useful?</li><li>Should this kind of wildcard be allowed as a configuration option by Keycloak?<span class="HOEnZb"><font color="#888888"><br></font></span></li></ul></div><span class="HOEnZb"><font color="#888888"><div><div><div><div dir="ltr"><div><div dir="ltr"><span><div><div>Josh Cain | Software Applications Engineer<br></div><i>Identity and Access Management</i><br></div><b>Red Hat</b><br><a href="tel:%2B1%20256-452-0150" value="+12564520150" target="_blank">+1 256-452-0150</a><br></span></div></div></div></div></div>
</div></font></span></div>
<br>______________________________<wbr>_________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-dev</a><br></blockquote></div><br></div>
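<p>Added example (not part of the thread and not Keycloak's code): a small matcher that compares the existing trailing path wildcard with the proposed hostname wildcard and lists how many hosts a single client registration would then cover. The matching semantics (<code>*</code> stands for exactly one DNS label, a trailing <code>*</code> matches any path under the prefix), the function names and the candidate URIs are assumptions made for illustration.</p>

```python
from urllib.parse import urlsplit

def _parts(uri):
    """Normalise a URI or pattern to (scheme, host, port, path)."""
    u = urlsplit(uri)
    return u.scheme.lower(), (u.hostname or "").lower(), u.port, u.path or "/"

def classify(pattern):
    """Label a registered redirect pattern by where its wildcard sits."""
    _, host, _, path = _parts(pattern)
    if "*" in host:
        return "host-wildcard"
    return "path-wildcard" if path.endswith("*") else "exact"

def _host_ok(pattern_host, host):
    # Assumed semantics: "*" stands for exactly one non-empty DNS label, and
    # the label count must be equal, so the registered suffix stays anchored.
    p, h = pattern_host.split("."), host.split(".")
    return len(p) == len(h) and all(a == b or (a == "*" and b) for a, b in zip(p, h))

def _path_ok(pattern_path, path):
    # A trailing "*" matches any path under the registered prefix.
    if pattern_path.endswith("*"):
        return path.startswith(pattern_path[:-1])
    return path == pattern_path

def redirect_allowed(pattern, candidate):
    """True if candidate matches pattern on scheme, port, host and path."""
    ps, ph, pp, ppath = _parts(pattern)
    cs, ch, cp, cpath = _parts(candidate)
    return ps == cs and pp == cp and _host_ok(ph, ch) and _path_ok(ppath, cpath)

def hosts_covered(pattern, candidates):
    """Distinct hosts among candidates that one registered pattern would accept."""
    return sorted({_parts(c)[1] for c in candidates if redirect_allowed(pattern, c)})

# Patterns from the thread; candidate URIs are constructed for illustration.
PATTERNS = ["http://www.redhat.com/*", "http://*.env.redhat.com"]
CANDIDATES = [
    "http://www.redhat.com/app/callback",
    "http://developer1.env.redhat.com",
    "http://developer2.env.redhat.com",
    "http://developer3.env.redhat.com",
    "http://a.b.env.redhat.com",                     # two labels: rejected
    "http://developer1.env.redhat.com.example.net",  # suffix not anchored: rejected
]

if __name__ == "__main__":
    for p in PATTERNS:
        print(classify(p), p, "->", hosts_covered(p, CANDIDATES))
```

<p>Every host listed for the host-wildcard pattern would receive authorization responses for the same client, which is the credential-sharing concern raised in the reply.</p>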