URGENT!!
We have 2 apps
- www.example.com (spa)
- oauth.example.com (php)
SPA(1) button calls PHP’s(2) OAuth server : (oauth.example.com/oauth/authorize and oauth/token) which then calls our custom-domain and gets the token on third party enabled.
3.BUT*
When we embed spa in abc.example.net which is same as oauth.example.com (php) .
& try to authenticate from embedded spa (www.example.com) from Origin (abc.example.net) on third party disabled. It throws too many redirects error. Although an API before /resume gives success response.
We have control on both oauth server, custom domains and SPA.
Can I have some insights, it’s a major blocker right now