Multiple callback URL's for a single OUTH 2.0(3LO) App

Is it possible to use multiple callback URL’s for a single OAUTH 2.0 (3LO) app ?

Use case:

I have multiple websites. JIRA integration has to be done in all the websites. All the configurations (e.g: scopes) in OAUTH App are same for all the website. So I want to use single oauth app for authorising JIRA. This would be possible only when a single OAUTH app supports multiple callback URL’s.

1 Like

Hi @vishnuranjan,

An OAuth 2.0 app can only have a single callback URL. You’ll need to create a separate app per website, then design your codebase to accept multiple sets of OAuth secrets.

1 Like

@mventnor that’s unfortunate. Allowing only one URL makes migration to a new callback URL a bit more challenging. Essentially, I have to reconfigure the new callback URL in my app and deploy that. After that, I have to quickly update the OAuth client with the new URL. If anyone starts the OAuth flow in the meantime it will (or should) fail because the callback URLs do not match. The OAuth2 standard allows multiple callback URLs and that would help a great deal in smoothening URL migrations.

On that note, is updating the URL for approved apps instant or does it have to be approved? It seems for private apps it is instant but I cannot confirm that for public apps. In the second case that would be a problem.

So I jumped the cliff and just tried to update the callback URL in my app. It seems no approval is required and the change is effective instantly.

1 Like

@mventnor are there any plans to support multiple callback urls?
I guess this is pretty standard request.

Hi Team,

I’ve had a few requests for this recently so I’ve opened this Feature Request with the Forge team

Please comment on, vote for and watch the ticket.


1 Like