Similar to allowed domains, you can configure allowed OAuth redirect URLs to restrict where users can be redirected after they log in with an external OAuth provider. This is a security best practice that prevents users from being redirected to a malicious site along with their authentication token. To configure allowed OAuth redirect URLs, navigate to Configuration > App settings > Advanced on the dashboard. Add the URLs that OAuth providers are allowed to redirect to after authentication.

Please note:

  • The URL must exactly match the redirect URL; query params and trailing slashes will cause an error.
  • The URL must be at a domain listed in allowed domains.
  • The protocol (https) is required.
  • Wildcards (*) are not supported.
  • If no URLs are listed, users can be redirected to any URL.
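
The rules above can be checked before a configuration is saved. The following is an added example, not the product's own code: it models the listed rules in JavaScript, and it assumes that an allowed domain is compared to the URL hostname as an exact string. The function names and the sample domain and URLs are constructed for illustration.

```javascript
// Added example: a model of the rules listed above, not the product's own code.
// Assumption: an allowed domain is compared to the URL hostname as an exact string.

// Constructed sample configuration.
const allowedDomains = ['app.example.com'];
const allowedRedirects = ['https://app.example.com/oauth/callback'];

// Lint one candidate allowlist entry; an empty result means it satisfies the rules.
function lintEntry(entry, domains) {
  const problems = [];
  if (entry.includes('*')) problems.push('wildcards are not supported');
  let url;
  try {
    url = new URL(entry);
  } catch {
    problems.push('protocol (https) is required');
    return problems;
  }
  if (url.protocol !== 'https:') problems.push('protocol (https) is required');
  if (!domains.includes(url.hostname)) problems.push('domain is not in allowed domains');
  return problems;
}

// Decide whether a redirect is accepted. The comparison is a plain string match
// with no normalisation, so a trailing slash or a query string is a mismatch.
function isRedirectAllowed(redirectUrl, allowlist) {
  if (allowlist.length === 0) return true; // empty list: any URL is accepted
  return allowlist.includes(redirectUrl);
}

// Summarise a configuration for review before saving it in the dashboard.
function auditConfig(allowlist, domains) {
  return {
    unrestricted: allowlist.length === 0,
    findings: allowlist
      .map((entry) => ({ entry, problems: lintEntry(entry, domains) }))
      .filter((f) => f.problems.length > 0),
  };
}

console.log(auditConfig(allowedRedirects, allowedDomains));
console.log(isRedirectAllowed('https://app.example.com/oauth/callback/', allowedRedirects));
```

An `unrestricted: true` result corresponds to the last rule in the list: with no URLs configured, nothing limits where users are redirected.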