What is the syntax for wildcards in the callback url?


Assuming it is an option, is there a syntax for wildcards for the callback url?

For development, we have multiple web clusters, with different urls for different branches of development of our website. They all have the same domain name, but different sub-domains.


We deploy these clusters via CloudFormation and CodeDeploy.
CloudFormation AWS::Cognito::UserPoolClient does not include a callback url option.

I attempted to put a callback url of https://*.example.com/ but that failed with an error about using the wrong redirect when the redirect_url was https://cool-feature-1.example.com/

Or is there a different solution?

asked 5 years ago, 1039 views
8 Answers

We do not support wildcard callback URLs due to security reasons.

Regarding adding the callback URL option in CloudFormation AWS::Cognito::UserPoolClient, we have heard this request from customers and we will try incorporating in our future releases.

answered 5 years ago

I'm using Cognito for OpenID Connect auth.
If a user opens a page and needs a login, I'd like him to be redirected to the same page after login. So my callback URL is


The base URL is the same but with a different target parameter.
Is there any way to do it?

answered 4 years ago

You can use the "state" parameter to pass the information about the page you want to redirect the user to. Cognito will pass the state value to your callback endpoint.

answered 4 years ago
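The `state` approach from the answer above, as an added example that is not part of the original answers or AWS code: one fixed callback URL stays registered, and the page to return to travels in `state`. The domain, client ID, callback URL, HMAC signing and per-session nonce are assumptions of this sketch; the callback only redirects to a same-site path, so a forged `state` cannot turn it into an open redirect.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

# Placeholder values (assumptions); use your own user pool's settings.
COGNITO_DOMAIN = "https://auth.example.com"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"  # the single registered callback
STATE_KEY = secrets.token_bytes(32)                # server-side secret


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: str) -> bytes:
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest()).encode()


def safe_return_path(path: str) -> str:
    """Allow only same-site absolute paths; anything else falls back to "/"."""
    bad = (not path.startswith("/") or path.startswith("//") or "\\" in path
           or any(ord(c) < 0x20 for c in path))  # browsers strip tabs/newlines
    return "/" if bad else path


def build_login_url(return_path: str, session_nonce: str) -> str:
    """Authorize URL with the return path and session nonce signed into state."""
    body = json.dumps({"r": safe_return_path(return_path), "n": session_nonce})
    payload = _b64(body.encode())
    state = payload + "." + _sign(payload).decode()
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{COGNITO_DOMAIN}/oauth2/authorize?{query}"


def return_path_from_state(state: str, session_nonce: str) -> str:
    """Run in the callback handler: verify state, then return where to redirect."""
    payload, _, sig = state.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return "/"  # state was not issued by this server, or was altered
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if not hmac.compare_digest(str(data.get("n", "")).encode(), session_nonce.encode()):
        return "/"  # state belongs to a different browser session (login CSRF)
    return safe_return_path(str(data.get("r", "/")))
```
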

I think we can use wildcard for subdomain without security risk if someone wanted to. Let's say example.com is the domain then callback URL would be something like: https://*.example.com/oauth2/idpresponse

answered 2 years ago


We have created a feature request on this and have put that on our road map. However, we don't have any ETA yet on this but please be assured that we are working on the same.
I kindly request you to keep an eye on the AWS What's New [1] page and AWS blogs [2] to get information regarding updates on the above as well as recent updates on other AWS services.
[1] https://aws.amazon.com/new/
[2] https://aws.amazon.com/blogs/aws/

answered 2 years ago

@sarthak-AWS - agree this would be a competitive edge / unique feature for Cognito - branch deploys are super common now but no one can authenticate them without loading new urls every time.

answered 2 years ago

I second that, and that's exactly what we do for our deployments: they all go under a sub-domain and then I have to manually add the URL each time. It would be amazing to have a wildcard; since the domain used is our own, *.abcdecompany.com would be perfect to take the manual step out of the deployment process.

answered a year ago

Callback URL wildcards still aren't there. Could you shed some light on the state of affairs?

answered a year ago
