I am using the react SDK @auth0/auth0-react to implement our social login with OAuth2. I’m passing the connection parameter in order to skip the redirect part. We think this is a better user experience, where the user has to click the login button once and that’s it.
My question is whether I’m introducing security issues by doing this? Most guides/blogs don’t include the connection parameters, and “embedded” login is not recommended in general, so I’m worried about going with this approach.
You are okay to pass the connection parameter. Is there something you are concerned about specifically? Embedded login is quite different from passing the connection param.
I don’t have any particular concerns, I just didn’t understand the difference between the two and wanted to be on the safe side. I will read up more on it for now.