createAuth0Client sends the wrong redirect 2nd time around

Using the spa sdk via CDN on a web page. My allowed lists are proper.

First time through I’m able to hit the whole sequence. Awesome.

  1. Submit client & domain using createAuth0Client(options)
  2. receive and parse code using handleRedirect()
  3. final redirect lands in the proper path and isAuthenticated() returns true

If I refresh the page I have issues. Same exact calls and I get a 403 saying my callback is an unapproved url. Which it is, but it’s the wrong callback. It’s just the location.origin value instead of the one I’m setting which includes a path of /admin.

Clearing storage / cookies fixes it, but it returns every time. Any help is appreciated.