Ability to remove OpenID Redirect Uri Validation

[kdudley21]

Right now the OpenId/Applications Edit/New page (Admin/OpenId/Application/Edit/) check to make sure that the redirect uris are valid uris and if they arent valid it removes them

Is there a way to make it so it doesnt validate the uri ? I would like to use wildcards so for example https://127.*.0.1/signin-oidc and it isnt saving these uris.

[hishamco]

I don't know if this URL works. but the current API checks the URL validation

[kdudley21]

Is there a way to replace to override this validation in the App Builder so it doesnt check to make sure its valid and displays whatever is input?

[hishamco]

Please have a look at the code unless @kevinchalet has some insight about it

[kdudley21]

Ohhhhh ! I already have the wildcards working in OpenIdDict so im guessing I may have to replace the application manager in Orchard

[kevinchalet]

You'd also need your own ApplicationController as the built-in one uses input validation (and the default view models are decorated with [Url]).

Note: wildcards are illegal in OAuth 2.0/OIDC as the specs require using simple string comparison (the only exception is when using a native application: in this case, the port can be dynamic). You may want to adopt a different approach here.

[kdudley21]

Thanks !

[kdudley21]

OK I have a good argument to stick with static urls but now I'm just obsessed with knowing if it could be done. I know I could fork the entire project but now I'm curious if there is another way to override the view model and applications controller without having to do that. I know orchard has so many configurable options so I'd like to learn