When using the Lock widget (v11), I can successfully login from subdomain.mywebsite:3000, but subdomain.mywebsite:3000/users/9/profile (for example) is considered an invalid web origin. subdomain.mywebsite is a hosts file rename of localhost. The current entry I have for Web Origins is subdomain.mywebsite:3000 (with no trailing slash).
Is there any way to set the Web Origin to subdomain.mywebsite:3000/* or some such rule that allows arbitrary pathnames after the domain?
The Allowed Web Origins have the format of <scheme> "://" <host> ":" <port> ], such as https://login.mydomain.com or http://localhost:3000. No further pathname should be needed in the allowed web origin field, as http://subdomain.mywebsite:3000 would be equivalent to http://subdomain.mywebsite:3000/users/9/profile as far as web origins is concerned.
Your issue might be related to callback url not being defined in the client’s settings. Could you try adding the [redirectUrl] (Lock Configuration Options) configuration option in Lock, as well as adding it to the Allowed Callback URLs of your client?