How can we securely determine and trigger the correct enterprise connection (like Okta) on the custom login page based on the user’s email, considering:
- Rules are deprecated and there are no pre-login triggers available now
- Actions only run post-login, which doesn’t help for dynamic connection routing
- The user’s email domain doesn’t directly match the connection name (e.g.,
vinay@gmail.com
→tailorbird_okta
) - Using Management API from frontend is insecure due to token exposure
Is there any recommended Auth0 pattern or workaround for securely resolving the connection name before calling
authorize()
?