Iframe custom connection authentication with same domains

hamza.habib · May 13, 2024, 9:25am

URGENT!!
We have 2 apps

www.example.com (spa)
oauth.example.com (php)
SPA(1) button calls PHP’s(2) OAuth server : (oauth.example.com/oauth/authorize and oauth/token) which then calls our custom-domain and gets the token on third party enabled.
3.BUT*
When we embed spa in abc.example.net which is same as oauth.example.com (php) .
& try to authenticate from embedded spa (www.example.com) from Origin (abc.example.net) on third party disabled. It throws too many redirects error. Although an API before /resume gives success response.

We have control on both oauth server, custom domains and SPA.

Can I have some insights, it’s a major blocker right now

Topic		Replies	Views
Switched to custom domain but test still sends auth0 domain as callback Help connections , google-social-connection	3	1848	January 29, 2023
Custom domains with Social Connections Help auth0	4	6579	December 21, 2018
Help with custom social connection Help auth0 , social-connections , login , custom-social-connec , social-connection	7	3853	March 27, 2024
Disable social signup for custom domain Help login	4	2990	January 31, 2020
Is it secure to embed SPA in iframe? Help spa , login , iframe , embedded-login	3	4050	May 26, 2021