Description
Describe the bug
The recent feature #1508 explicitly notes that it enables interoperability with Netlify:
#1506 Support for Wildcard Origin and Redirect URIs - Adds a new setting ALLOW_URL_WILDCARDS. This feature is useful for working with CI service such as cloudflare, netlify, and vercel that offer branch deployments for development previews and user acceptance testing.
However, Netlify Deploy Previews use URLs of the form:
deploy-preview-42--yoursitename.netlify.app
1234abcd12acde000111cdef--yoursitename.netlify.app
In both cases, the desired redirect_uris would be https://*--yoursitename.netlify.app. Configuring redirect_uris with https://*-yoursitename.netlify.app (a single -) would not be acceptable, as it would cause a security vulnerability by allowing redirection to something like https://deploy-preview-42--evil-yoursitename.netlify.app which may be controlled by an unknown third-party.
However, the validation code here disallows a redirect_uris value with a netloc component starting with *-- (it only allows *-).
This makes wildcard redirect URIs practically incompatible with Netlify Deploy Previews.
Version
3.1.0
- I have tested with the latest published release and it's still a problem.
- I have tested with the master branch and it's still a problem.
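
The difference between the two patterns discussed in the report above, as an added example (not django-oauth-toolkit's own validation or matching code). It assumes a simplified wildcard model in which a leading `*` stands for one non-empty run of characters inside the leftmost DNS label; `host_matches`, `redirect_allowed` and `evaluate` are hypothetical names.

```python
from urllib.parse import urlsplit

# Patterns and hostnames taken from the report above.
SINGLE_DASH = "https://*-yoursitename.netlify.app"
DOUBLE_DASH = "https://*--yoursitename.netlify.app"
CANDIDATES = [
    "https://deploy-preview-42--yoursitename.netlify.app",
    "https://1234abcd12acde000111cdef--yoursitename.netlify.app",
    "https://deploy-preview-42--evil-yoursitename.netlify.app",
]


def host_matches(pattern_host: str, host: str) -> bool:
    """Assumed semantics: a leading '*' matches a non-empty run of
    characters that never crosses a '.' (leftmost label only)."""
    if not pattern_host.startswith("*"):
        return pattern_host == host
    suffix = pattern_host[1:]
    if not host.endswith(suffix):
        return False
    wildcard_part = host[: len(host) - len(suffix)]
    return bool(wildcard_part) and "." not in wildcard_part


def redirect_allowed(pattern_uri: str, candidate_uri: str) -> bool:
    """Scheme, port and path must be identical; only the host may use '*'."""
    p, c = urlsplit(pattern_uri), urlsplit(candidate_uri)
    return (
        p.scheme == c.scheme
        and p.port == c.port
        and p.path == c.path
        and host_matches(p.hostname or "", c.hostname or "")
    )


def evaluate(pattern_uri: str) -> dict:
    """Map each candidate redirect URI to whether the pattern accepts it."""
    return {uri: redirect_allowed(pattern_uri, uri) for uri in CANDIDATES}


if __name__ == "__main__":
    for pattern in (SINGLE_DASH, DOUBLE_DASH):
        print(pattern)
        for uri, ok in evaluate(pattern).items():
            print(f"  {'ALLOW' if ok else 'DENY ':5} {uri}")
```

Under this model the single-dash pattern accepts all three hosts, including the `--evil-yoursitename` one, while the double-dash pattern accepts only the two Deploy Preview hosts.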