From 00342b6940531c17d5b0d998dee14e08cafbd88a Mon Sep 17 00:00:00 2001
From: Patrick Pimentel <ppimentel@bitwarden.com>
Date: Fri, 13 Feb 2026 17:07:16 -0500
Subject: [PATCH] fix(redirect): [PM-30810] Https Redirection for Cloud Users -
 Cleaned up claude's implementation to prioritize clarity.

---
 src/Core/Constants.cs                    | 11 +++++++++++
 src/Identity/IdentityServer/ApiClient.cs |  4 +---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index b0b2b32204..ddd88f1e83 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -38,6 +38,17 @@ public static class Constants
     /// </summary>
     public static readonly string[] BitwardenCloudDomains = ["bitwarden.com", "bitwarden.eu", "bitwarden.pw"];
 
+    /// <summary>
+    /// Server permitted SSO callback redirect URIs for mobile clients.
+    /// </summary>
+    public static readonly string[] BitwardenMobileSsoCallbackUris =
+    [
+        "bitwarden://sso-callback",
+        "https://bitwarden.com/sso-callback",
+        "https://bitwarden.eu/sso-callback",
+        "https://bitwarden.pw/sso-callback",
+    ];
+
     /// <summary>
     /// Used by IdentityServer to identify our own provider.
     /// </summary>
diff --git a/src/Identity/IdentityServer/ApiClient.cs b/src/Identity/IdentityServer/ApiClient.cs
index df250ef410..74b3ede5f7 100644
--- a/src/Identity/IdentityServer/ApiClient.cs
+++ b/src/Identity/IdentityServer/ApiClient.cs
@@ -83,9 +83,7 @@ public class ApiClient : Client
         }
         else if (id == "mobile")
         {
-            RedirectUris = new[] { "bitwarden://sso-callback" }
-                .Concat(Constants.BitwardenCloudDomains.Select(d => $"https://{d}/sso-callback"))
-                .ToArray();
+            RedirectUris = Constants.BitwardenMobileSsoCallbackUris;
             PostLogoutRedirectUris = new[] { "bitwarden://logged-out" };
         }