Is it possible to use multiple callback URLs for a single OAuth 2.0 (3LO) app?
Use case:
I have multiple websites. JIRA integration has to be done in all the websites. All the configurations (e.g. scopes) in the OAuth app are the same for all the websites. So I want to use a single OAuth app for authorising JIRA. This would be possible only when a single OAuth app supports multiple callback URLs.
An OAuth 2.0 app can only have a single callback URL. You’ll need to create a separate app per website, then design your codebase to accept multiple sets of OAuth secrets.
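One way to structure the "multiple sets of OAuth secrets" approach from the answer above, as an added example that is not part of the original thread or Atlassian's own code: each website gets its own app entry, and a signed `state` pins the callback to the site that started the flow so the code is exchanged with the matching secret. Host names, client ids and secrets are constructed placeholders; the helper names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlencode

AUTHORIZE_URL = "https://auth.atlassian.com/authorize"

@dataclass(frozen=True)
class OAuthClient:
    client_id: str
    client_secret: str
    redirect_uri: str  # the single callback URL registered for this app

# Constructed sample values: one OAuth 2.0 (3LO) app per website.
CLIENTS = {
    "shop.example.com": OAuthClient("id-shop", "secret-shop", "https://shop.example.com/oauth/callback"),
    "blog.example.com": OAuthClient("id-blog", "secret-blog", "https://blog.example.com/oauth/callback"),
}
STATE_KEY = secrets.token_bytes(32)  # server-side key; load from a secret store in practice

def client_for(host: str) -> OAuthClient:
    """Select the credential set by exact host match; unknown hosts are rejected."""
    try:
        return CLIENTS[host.lower()]
    except KeyError:
        raise LookupError(f"no OAuth app configured for {host!r}")

def _sign(msg: str) -> str:
    return hmac.new(STATE_KEY, msg.encode(), hashlib.sha256).hexdigest()

def authorize_url(host: str, scope: str) -> str:
    """Build the consent URL with the client_id and redirect_uri of this site's app."""
    client = client_for(host)
    msg = f"{host.lower()}|{secrets.token_urlsafe(16)}"
    state = f"{msg}|{_sign(msg)}"  # also store the nonce in the user's session for CSRF checks
    return AUTHORIZE_URL + "?" + urlencode({
        "audience": "api.atlassian.com", "client_id": client.client_id,
        "scope": scope, "redirect_uri": client.redirect_uri,
        "state": state, "response_type": "code", "prompt": "consent"})

def client_for_callback(host: str, state: str) -> OAuthClient:
    """Verify state on the callback and return the client whose secret exchanges the code."""
    parts = state.split("|")
    if len(parts) != 3:
        raise ValueError("malformed state")
    site, nonce, sig = parts
    if not hmac.compare_digest(sig, _sign(f"{site}|{nonce}")) or site != host.lower():
        raise ValueError("state was not issued for this site")
    return client_for(site)
```
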
@mventnor that’s unfortunate. Allowing only one URL makes migration to a new callback URL a bit more challenging. Essentially, I have to reconfigure the new callback URL in my app and deploy that. After that, I have to quickly update the OAuth client with the new URL. If anyone starts the OAuth flow in the meantime it will (or should) fail because the callback URLs do not match. The OAuth2 standard allows multiple callback URLs and that would help a great deal in smoothening URL migrations.
On that note, is updating the URL for approved apps instant or does it have to be approved? It seems for private apps it is instant but I cannot confirm that for public apps. In the second case that would be a problem.
Hi, are there any plans to implement this?
I work with a lot of vendors and all of them pretty much support multiple callback URLs, which makes development easier for us.
Microsoft allows this for app registrations. And this is very convenient actually, in case one app is used in multiple environments (internal or external ones), also for slot deployments and also for dev environment: