Disabling Legacy Lock API with embedded login and no custom domain

In the legacy Lock deprecation announcement, it sounds as if a custom domain is highly recommended (but not required) when using embedded login. Is this indeed the case? If we keep using embedded logins with Lock version 11, will things work, subject to the hazards of cross-origin issues? Or is a custom domain formally required?

It works without custom domains, but things get tricky if your user has third-party cookies disabled: Cross-Origin Authentication

We’re waiting for the new macOS/iOS beta to test the new Intelligent Tracking Prevention system that Apple developed.