Hi Minh,
It might not be a good idea to do authentication within an iframe. By default we block the login page from being loaded in an iframe although you can disable this behavior.
Modern browsers also applies stricter conditions on the cookies in iframe, which may also break the Auth0 SSO which replies on cookies to work.
PS: I’ve replied your support ticket of the same question too 