Hi there, we have a product that’s embedded on multiple client websites, which share the same backend, user database, and Auth0 application.
We want users to be able to log in to clientsite1.com/some/page without having to add every possible client URL to our allowed callbacks list. We also can’t host callback pages on client domains, so something like clientsite1.com/auth/callback would not be an option.
Is it possible to use our domain as the callback URL (login.oursite.com/auth/callback) and securely redirect back to clientsite1.com/some/page to authenticate the user there?
I’ve read the answer on dynamic callback URLs, but using local storage to store a random nonce seems like it won’t work with different origins.