I’ve still not been able to get past this issue.
I’ve seen many posts of similar issues; however, my web origins and CORS account for all of those scenarios. Like I said, I’ve confirmed my ‘Origin’ HTTP Header on another server coming from the same app on iOS and it is capacitor://localhost. Unfortunately, this does not permit it for Auth0. Is it possible that this error is actually caused by something else and the error is misleading?
Otherwise, is there someway in a policy rule or something else that I could log the origin of the request to ensure I’m permitting the right host(s)? This is a show stopper for me right now.