I have an angularjs app which uses auth0.js v6. I would like to migrate to use universal login. My app uses hash-based routing.
The quickstart guide for angularjs states
This example assumes you are using path-based routing by setting $locationProvider.html5Mode(true). If you are using hash-based routing, you will not be able to specify a dedicated callback route. The URL hash will be used to hold the user’s authentication information.
The documentation (as far as I can tell) doesn’t explicitly say that universal login is not possible if hash-based routing is used.
Could someone please clarify if there is a way to use universal login in an angularjs app which uses hash-based routing?
You can use hash based routing but to do so requires you to specify the callback URL as the root of your application (e.g., /) as the hash fragment that specifies the path will be removed by Auth0, i.e., https://your-domain/#/callback will become https://your-domain/.
Please keep in mind that we strongly recommend against hash based routing and you should use path based routing instead if possible.
RFC3986 defines the expected order of a URL as scheme|authority|path|query|fragment. SPA frameworks like Angular that use hash based routing violate this standard and expect scheme|authority|path|fragment|query instead.
Hash based routing can also introduce problems with Auth0.js when you use the implicit flow as the resulting access token returned is contained within the hash fragment.