docs: add wildcard redirect URI documentation (#1339)

Document the new wildcard pattern support in redirect URIs introduced
in logto-io/logto#8094. Include usage rules, examples, and security
caution about increased attack surface.

Author: wangsijie

docs/integrate-logto/application-data-structure.mdx

@@ -67,6 +67,28 @@ You can check out the [Redirection endpoint](https://datatracker.ietf.org/doc/ht
   Understanding Redirect URIs in OIDC with Authorization Code Flow
 </Url>
 
+#### Wildcard patterns \{#wildcard-patterns}
+
+_Availability: Single page app, Traditional web app_
+
+Redirect URIs support wildcard patterns (`*`) for dynamic environments such as preview deployments. Wildcards can be used in the hostname and pathname components of HTTP/HTTPS URIs.
+
+**Rules:**
+
+- Wildcards are only permitted in the hostname and pathname
+- Wildcards are not allowed in the scheme, port, query parameters, or hash fragments
+- Hostname wildcards must include at least one dot (e.g., `https://*.example.com/callback`)
+
+**Examples:**
+
+- `https://*.example.com/callback` - matches any subdomain
+- `https://preview-*.example.com/callback` - matches preview deployments
+- `https://example.com/*/callback` - matches any path segment
+
+:::caution
+Wildcard redirect URIs are not standard OIDC and can increase the attack surface. Use with care and prefer exact redirect URIs whenever possible.
+:::
+
 ### Post sign-out redirect URIs \{#post-sign-out-redirect-uris}
 
 _Post sign-out redirect URIs_ are a list of valid URIs that have been pre-configured for an application to redirect the user after they have signed out from Logto.