Best Practice for Redirect Pages with Regards to Domains

Overview

When a self-managed custom domain is used, and a redirect is made during an action, what’s the best practice for hosting the page the user will be redirected to? Is it good practice to use the same domain as that used for authentication?

Applies To

  • Actions
  • Rules
  • Redirects

Solution

While it’s possible to use the same domain as that used for authentication when using a self-managed custom domain, it’s generally not a good practice. It is preferable to use a different subdomain instead.

For example, if the custom domain configured in Auth0 is login.domain.tld, then for an account linking redirect one might use something like account-link.domain.tld for hosting the page to which the user will be redirected.