diff --git a/okta/resource_okta_app_oauth.go b/okta/resource_okta_app_oauth.go
index edab23fde..c257bbaff 100644
--- a/okta/resource_okta_app_oauth.go
+++ b/okta/resource_okta_app_oauth.go
@@ -208,7 +208,7 @@ func resourceAppOAuth() *schema.Resource {
 				Description: "List of scopes to use for the request",
 			},
 			"redirect_uris": {
-				Type:        schema.TypeSet,
+				Type:        schema.TypeList,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Optional:    true,
 				Description: "List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.",
@@ -596,7 +596,7 @@ func setOAuthClientSettings(d *schema.ResourceData, oauthClient *okta.OpenIdConn
 		grantTypes[i] = string(*oauthClient.GrantTypes[i])
 	}
 	aggMap := map[string]interface{}{
-		"redirect_uris":             convertStringSliceToSet(oauthClient.RedirectUris),
+		"redirect_uris":             oauthClient.RedirectUris,
 		"response_types":            convertStringSliceToSet(respTypes),
 		"grant_types":               convertStringSliceToSet(grantTypes),
 		"post_logout_redirect_uris": convertStringSliceToSet(oauthClient.PostLogoutRedirectUris),
@@ -734,7 +734,7 @@ func buildAppOAuth(d *schema.ResourceData) *okta.OpenIdConnectApplication {
 			InitiateLoginUri:       d.Get("login_uri").(string),
 			LogoUri:                d.Get("logo_uri").(string),
 			PolicyUri:              d.Get("policy_uri").(string),
-			RedirectUris:           convertInterfaceToStringSetNullable(d.Get("redirect_uris")),
+			RedirectUris:           convertInterfaceToStringArr(d.Get("redirect_uris")),
 			PostLogoutRedirectUris: convertInterfaceToStringSetNullable(d.Get("post_logout_redirect_uris")),
 			ResponseTypes:          oktaRespTypes,
 			TosUri:                 d.Get("tos_uri").(string),
diff --git a/okta/resource_okta_app_oauth_test.go b/okta/resource_okta_app_oauth_test.go
index 55cc8e4f2..11048cb4d 100644
--- a/okta/resource_okta_app_oauth_test.go
+++ b/okta/resource_okta_app_oauth_test.go
@@ -385,3 +385,41 @@ resource "%s" "test" {
   client_id        = "%s"
 }`, appOAuth, name, name, name)
 }
+
+// TestAccResourceOktaAppOauth_redirect_uris relates to issue 1170
+//  Enable terraform to maintain order of redirect_uris
+// https://github.com/okta/terraform-provider-okta/issues/1170
+func TestAccResourceOktaAppOauth_redirect_uris(t *testing.T) {
+	resourceName := fmt.Sprintf("%s.test", appOAuth)
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProvidersFactories,
+		CheckDestroy:      createCheckResourceDestroy(appOAuth, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+				resource "okta_app_oauth" "test" {
+					label = "example"
+					type = "web"
+					grant_types = ["authorization_code"]
+					wildcard_redirect = "SUBDOMAIN"
+					redirect_uris = [
+					  "https://one.example.com/",
+					  "https://two.example.com/",
+					  "https://*.example.com/"
+					]
+					response_types = ["code"]
+				  }				
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					ensureResourceExists(resourceName, createDoesAppExist(okta.NewOpenIdConnectApplication())),
+					resource.TestCheckResourceAttr(resourceName, "redirect_uris.#", "3"),
+					resource.TestCheckResourceAttr(resourceName, "wildcard_redirect", "SUBDOMAIN"),
+					resource.TestCheckResourceAttr(resourceName, "redirect_uris.0", "https://one.example.com/"),
+					resource.TestCheckResourceAttr(resourceName, "redirect_uris.1", "https://two.example.com/"),
+					resource.TestCheckResourceAttr(resourceName, "redirect_uris.2", "https://*.example.com/"),
+				),
+			},
+		},
+	})
+}