Community Ideas

Welcome! We're glad you're here.

In the Ideas Portal, we encourage you to share your ideas and feature improvements for RingCentral products. Whether you're an admin supporting your whole team on the RingCentral app, an employee attending meetings with RingCentral Video, or a developer using integrations, we want to hear from you!

You're invited to browse existing ideas, vote on features you would like to see, and leave comments sharing your use case.

We've put together a helpful guide for getting the most out of Submitting and Voting for Product Ideas.

We can't wait to hear your bright ideas!

Allow for wildcards in app redirect URIs

When testing our app, sometimes we'll use a redirect URI that appends a canary branch. For example, if we have the redirect URI https://ourservice we may have a test branch URI of https://ourservice/branch/bugfix-1 or https://ourservice/branch/bugfix-2. Instead of having to go into the console and specify each redirect URI, it'd be nice to have a wildcard, for instance https://ourservice/branch/*.

  • Guest
  • Apr 14 2021
  • Not Under Consideration
Developer Platform and APIs
  • Attach files
  • Admin
    Byrne Reese commented
    18 Oct 11:57pm

    We recognize the utility of this feature, however, IETF specifically recommends against this approach

    For example OAuth 2.1 (still in draft says (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-04#section-2.3.2):

    "Authorization servers MUST require clients to register their complete
    redirect URI (including the path component) and reject authorization
    requests that specify a redirect URI that doesn't exactly match one
    that was registered; the exception is loopback redirects, where an
    exact match is required except for the port URI component."

    And https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-18#section-2.1

    "When comparing client redirect URIs against pre-registered URIs,
    authorization servers MUST utilize exact string matching except for
    port numbers in "localhost" redirection URIs of native apps, see
    Section 4.1.3. This measure contributes to the prevention of leakage
    of authorization codes and access tokens (see Section 4.1). It can
    also help to detect mix-up attacks (see Section 4.4)."
    ×

    Attachments Open full size

  • Guest commented
    15 Apr 03:01pm

    I really like the idea, btw.

    I'd add a branch name variable, site location/IP identifier within your code as a tag to automatically load the proper console. (If name=Houston, then load /houston-branch/*.)

    ×

    Attachments Open full size

  • Guest commented
    15 Apr 02:54pm

    Good idea. What if this change happened within your code by adding a drop down to choose between the wildcards?

    ×

    Attachments Open full size

Related ideas