Using the spa sdk via CDN on a web page. My allowed lists are proper.
First time through I’m able to hit the whole sequence. Awesome.
- Submit client & domain unsing createAuth0Client(options)
- receive and parse code using handleRedirect()
- final redirect lands in the proper path and isAuthenticated() returns true
If I refresh the page I have issues. Same exact calls and I get a 403 saying my callback
is an unapproved url. Which it is, but it’s the wrong callback. It’s just the location.origin value instead of the one I’m setting which includes a path of /admin.
Clearing storage / cookies fixes it, but it returns every time. Any help is appreciated.