Must redirect URLs be in a verified domain?

We have a set of internal domains that we use for development and testing. In "Web Authentication Configuration" we have a bunch of redirects set up to these domains. Currently things are working for Sign in with Apple, but we are concerned that at some point a strict policy will kick in and prevent redirects to unverified domains.


Is this a legitimate concern? Will our redirects to unverified domains cease to function at some point?

Replies

No, there are no current plans to require verification of redirect URLs. Only the domains in which web applications are hosted and the domains from which emails are sent out require verification.

Thanks @sudhakar19 for the response. Can you clarify what you mean by "domains in which web applications are hosted"? If we do not verify a domain at all, what will fail besides emails to relay addresses, and at what point?


Second question: We would also appreciate some guidance around subdomains. Our app uses multiple subdomains and it's not clear whether we should verify all of them, just one of them, or the top-level domain.