Hey @cmcgowan,
I’ve tried to reproduce the behaviour you are experiencing and described but had no success. After appending /login?state=X&client=X&protocol=X&connection=X&audience=X&redirect_uri=X&scope=X&response_type=X&response_mode=X&nonce=X&code_challenge=X&code_challenge_method=X&auth0Client=X to my custom domain, I just get redirected to my default login route.
You’ve mentioned that Auth0 loads the login page normally. I find that very confusing since using junk parameters won’t allow Auth0 to know which login page to actually serve. You really need to provide some of those parameters. When you say the login page was loaded, do you mean your Classic Universal Login page? From my point of view, that might not be possible with junk parameters.
In addition to what I’ve said, the expected flow would be to call /authorize and not /login. This is documented on our Authentication API documentation.
Since all this don’t make much sense to me, I would suggest you provide a HAR file while reproducing the entire flow so I can take a deeper look at what’s going on there. Please, do not forget to remove any credentials, secrets or active/valid Access Tokens that might be found inside the HAR file. You can also DM me the HAR file if you are concerned about security/privacy.