Is it supported to use an Auth0 custom domain for Universal Login (login.brand.fit) while using a different domain (brand.fit) for Android App Links redirect ca

We are implementing authentication in a React Native Android mobile app using a hosted login page with a custom authentication domain.

Our setup looks like this:

• Hosted login domain:
  https://login.example.com

• Mobile deep link domain:
  https://example.com

The mobile app starts authentication using the hosted login page on the custom auth domain.
After login, the user should be redirected back to the app using an HTTPS deep link like:

https://example.com/android/com.example.app/callback

Android App Links are configured for this domain, and the verification file is hosted at:

https://example.com/.well-known/assetlinks.json

This is required because we cannot host verification files on the authentication domain.

Question

Is it a supported or recommended approach to:

• use the authentication domain for the hosted login page

• and a different domain for the mobile redirect/deep link

Are there any additional configuration steps required to support this architecture?

We want to ensure this setup follows recommended best practices for mobile authentication flows.

Hello!

Those do not need to be the same host. Auth0 only requires that the redirect_uri you send in the authorization request is registered as an Allowed Callback URL, and that it matches exactly. Auth0 also recommends using claimed HTTPS callback URIs like Android App Links for native apps rather than custom URI schemes.