I actually share Stian's position. Using the same client credentials for a wildcard selection of domain names (I assume different apps) looks like a bad idea. When provisioning these wildcard "clients", are you not able to provision them with a separate set of client credentials via the Keycloak admin API?

On Tue, Sep 20, 2016 at 12:50 AM, Josh Cain <josh.cain@redhat.com> wrote:
Per KEYCLOAK-3585:

Currently, valid redirect URI hostnames allow for wildcards at the end like so:

http://www.redhat.com/*

I'm managing several environments where clients need 'n' number of available redirect URIs with different hostnames, i.e.

http://developer1.env.redhat.com
http://developer2.env.redhat.com
http://developer3.env.redhat.com

Would really help to have the ability to wildcard hostnames too, i.e.:

http://*.env.redhat.com

I've submitted #3241 to address this issue, but there seem to be some concerns about allowing wildcards in other parts of the URL. See the PR for a more fleshed-out discussion, but wanted to start a thread here on the mailing list. Particularly with respect to:
  • Does anyone have need of this feature or would find it useful?
  • Should this kind of wildcard be allowed as a configuration option by Keycloak?

Josh Cain | Software Applications Engineer
Identity and Access Management
Red Hat
+1 256-452-0150

_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
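
The hostname wildcard proposed in this thread, as an added example that is not part of the original messages and not Keycloak's code: a sketch of a redirect URI check in which `*` stands for exactly one left-most DNS label, next to the trailing path wildcard mentioned above. The function names and the `example.net` hosts used to exercise it are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def _parts(uri):
    """Return (scheme, host, port, path), or None if the URI is unusable."""
    try:
        u = urlsplit(uri)
        port = u.port                      # raises ValueError on a bad port
    except ValueError:
        return None
    # Reject userinfo ("user@host"): it can disguise the real host.
    if not u.scheme or not u.hostname or u.username is not None:
        return None
    return u.scheme.lower(), u.hostname.lower(), port, u.path or "/"

def host_matches(pattern_host, host):
    """'*' is honoured only as the whole left-most label, for one label."""
    p_labels, h_labels = pattern_host.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def redirect_allowed(pattern, redirect_uri):
    """True if redirect_uri is covered by one registered pattern."""
    p, r = _parts(pattern), _parts(redirect_uri)
    if p is None or r is None:
        return False
    if (p[0], p[2]) != (r[0], r[2]):       # scheme and port must be equal
        return False
    if not host_matches(p[1], r[1]):
        return False
    if p[3].endswith("/*"):                # trailing path wildcard
        return r[3].startswith(p[3][:-1])
    return p[3] == r[3]
```

Matching on parsed components rather than on the raw string is what keeps a suffix, path segment or userinfo that merely contains `.env.redhat.com` from satisfying the pattern.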