diff --git a/.changeset/loopback-redirect-uri-port.md b/.changeset/loopback-redirect-uri-port.md new file mode 100644 index 0000000000..e2f4d1b725 --- /dev/null +++ b/.changeset/loopback-redirect-uri-port.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-backend': patch +--- + +Fixed CIMD redirect URI matching to allow any port for localhost addresses per RFC 8252 Section 7.3. Native CLI clients use ephemeral ports for OAuth callbacks, which are now accepted when the registered redirect URI uses a localhost address.
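Review bot: "localhost addresses" in the changeset body does not say which hosts get port-agnostic matching, and the file name says "loopback" while the text says "localhost". RFC 8252 Section 7.3 describes loopback IP literal redirects (127.0.0.1 and [::1]), and Section 8.3 of the same RFC marks the `localhost` hostname as NOT RECOMMENDED, so the entry should name whether the relaxed match covers the IP literals, the hostname, or both. I would also add one clause saying that only the port is relaxed and that scheme, host and path must still match the registered redirect URI, so that readers of the changelog do not take "any port" to mean looser matching overall.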