We are looking for some best practices for creating an Auth0 ‘custom domain’ architecture,.
We don’t want to burn too many cycles in trial and error hoping to land the correct architecture.
Here’s what we have and are looking to accomplish with our current project:
- Main public portal, https://oursite.com
- Client Angular App (restricted product access only using Auth0 identity services) portal, https://app.ourapp.com
So basically using an angular and html architecture we have two components: a basic site which is simple static HTML that provides info about our products/services, etc, a SaaS product with a login (i.e.: paywall) which customers use and is based on angular architecture which users must log in to in order to access/use.
When creating an Auth0 custom domain (yes, we’ve read the docs),…
The docs use an example URL for the custom domain of login.northwind.com, so in relation to our example above it suggests we use “https://login.oursite.com”…
Here’s what we’re not sure of with Auth0 Custom Domain architecture and best practice(Any answers to these questions, greatly appreciated):
- Does the custom domain name need to match the application site sub domain name (not TLD domain)? That is, would login.oursite.com be then only a one time user access page for logging in based on the universal login, or can custom domain also be the sub-domain of the application, i.e.: app.oursite.com? Does this mean that regardless of sub-domain, as long as the Auth0 custom domain is on the same TLD domain (i.e.: oursite.com) then all response and requests are safely handled per normal?
- Will the custom domain change the reference that users see when using using social login? For example, when using Google Auth, using universal login, the user is prompted to allow “Auth0” to access email, name, etc. as part of the handshake. But, Will the custom domain configuration in Auth0 change this for google auth to state, “oursite.com” wants access to your email, name, etc., instead?
- Is there a way and what is the best practice for testing a custom domain locally? If our developers are developing on local workstations, and we implement custom domain, will a callback to localhost:3000, for example still work to receive callback details, etc. for local testing? If not, what is the best way to test custom domain is working or must one always deploy to a public domain to test?
Any help on the above questions would be greatly appreciated.
Thanks in advance.