romainbessugesmeusy / netlify-plugin-auth0-patch-urls

A Netlify Build plugin that makes Auth0 work with deploy previews
MIT License

Feature: Do we really need to set logout URLs (allowed_logout_urls)? #6

Closed alexrussell closed 4 years ago

alexrussell commented 4 years ago

In the Auth0 client configuration, allowed_logout_urls is one area where the developer is allowed to use * for wildcard matching (including subdomains), so it seems sensible that the dev would set this up and we don't have to add each individual domain here.

That is, unless the * is only for entire subdomain parts of a larger full domain, and not part-matching like I assume. The description isn't super clear here, saying:

"You can specify multiple valid URLs by comma-separating them. You can use the star symbol as a wildcard for subdomains (*.google.com)."

It gives the example of a full subdomain (whereas for Netlify deploy previews, we'd obviously want a part-sub domain). I haven't yet tested it out to say for certain one way or the other, but you may know.

alexrussell commented 4 years ago

Okay just found the wildcard subdomains Auth0 docs and it clearly states you can do part-sub domain wildcarding:

"A wildcard may be prefixed and/or suffixed with additional valid hostname characters. https://prefix-*-suffix.example.com will work."

And that it's available in:

Unfortunately not allowed in web origins so we still need the build plugin for that. But this severely reduces the necessary scope of this plugin, which is good as we get less cruft in our client configs.
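The prefix/suffix wildcard form quoted above can be checked offline before an entry goes into allowed_logout_urls, to confirm it covers deploy previews and nothing wider. This is an added example, not part of the thread or the plugin's code. It assumes a single wildcard in the leftmost hostname label that stands for hostname characters but never a dot, compares scheme and host only, and uses the placeholder site name my-site with constructed URLs.

```javascript
// Added example: an approximation of wildcard matching for one allowed-URL entry.
// Assumption: the wildcard stands for one label fragment and never spans a dot.
const HOST_CHARS = "[a-z0-9-]+";

function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Compile an entry such as https://deploy-preview-*--my-site.netlify.app
// into an anchored RegExp over scheme://host[:port].
function compileWildcard(pattern) {
  const m = /^(https?):\/\/([^\/:]+)(:\d+)?$/.exec(pattern);
  if (!m) throw new Error("pattern must be http(s)://host[:port]");
  const [, scheme, host, port = ""] = m;
  const labels = host.toLowerCase().split(".");
  if (host.split("*").length - 1 !== 1) {
    throw new Error("exactly one wildcard expected");
  }
  if (!labels[0].includes("*")) {
    throw new Error("wildcard must be in the leftmost label");
  }
  const hostRe = labels
    .map((label) => label.split("*").map(escapeRegex).join(HOST_CHARS))
    .join("\\.");
  // Anchoring both ends is what rejects hosts that merely contain the pattern.
  return new RegExp(`^${scheme}://${hostRe}${escapeRegex(port)}$`);
}

// True when candidateUrl's scheme and host are covered by the entry.
function isAllowed(pattern, candidateUrl) {
  let origin;
  try {
    origin = new URL(candidateUrl).origin; // lowercases the host, drops path and query
  } catch {
    return false; // unparseable input is never allowed
  }
  return compileWildcard(pattern).test(origin);
}

// Report which of a list of constructed URLs an entry would cover.
function coverage(pattern, urls) {
  return urls.filter((u) => isAllowed(pattern, u));
}
```

Running coverage() over the production URL, a preview URL and a few lookalike hosts shows at a glance whether the entry is as narrow as intended.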

romainbessugesmeusy commented 4 years ago

I will edit the docs and the code and remove those. Great suggestion.

romainbessugesmeusy commented 4 years ago

Implemented your solution. Thanks

alexrussell commented 4 years ago

Nice one - sorry for the issue spam in the end. I was just trying to implement this plugin and every "hurdle" I found I added an issue and it got out of hand!! Glad it's done the job of tightening the plugin up though 👍