Due to security concerns, it wouldn't be safe to allow wildcards for OAuth application redirects. Instead, we propose to add API endpoints to manage OAuth applications. This will allow automated systems to add/update OAuth applications with the appropriate redirect URI on the fly.

Original description

Problem to solve

Gitlab OAuth provider can only have fixed redirect uri parameters.

Further details

I'm using gitlab as a OAuth provider for my app, but I can't redirect a user to the page they are coming from. I can only redirect them to a static site which I have to set as the redirect uri in my created application.

Proposal

Add wildcards to redirect_uri somewhere around here https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/doorkeeper.rb#L105

What does success look like, and how can we measure that?

Can users set wildcards in redirect uris and do they work.

Links / references

https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/initializers/doorkeeper.rb#L105