Is Skipping redirect by providing connection parameter in React SDK secure?

Hello, Auth0 community!

I am using the react SDK @auth0/auth0-react to implement our social login with OAuth2. I’m passing the connection parameter in order to skip the redirect part. We think this is a better user experience, where the user has to click the login button once and that’s it.

The login function looks like this:

loginWithRedirect({
     redirectUri: "my-redirect-uri",
     connection: "google-oauth2",
})

My question is whether I’m introducing security issues by doing this? Most guides/blogs don’t include the connection parameters, and “embedded” login is not recommended in general, so I’m worried about going with this approach.

Thanks for the help.

Hi @farah,

Welcome to the Auth0 Community!

You are okay to pass the connection parameter. Is there something you are concerned about specifically? Embedded login is quite different from passing the connection param.

I don’t have any particular concerns, I just didn’t understand the difference between the two and wanted to be on the safe side. I will read up more on it for now.

Thank you very much, really put me at ease.

Thanks for following up, please let me know if you have any other questions.