Can you confirm that both the window.location.origin and ${window.location.origin}/beneficiary-application-page-1 are listed in the Allowed Callback URLs of the tenant?
Is the ${window.location.origin}/beneficiary-application-page-1 a protected route? It’s difficult to tell from the code sample. Does that route call loginWithRedirect()?
I found this solution that may prove helpful to you if the answers to the last few questions are “yes”: Angular app non stop refresh after login with code and state query string - #4 by frederik.prijck
Please let me know if I can assist further!
Thanks,
Mary Beth