Lock authorize returning 403

Please include the following information in your post:

  • Which SDK this is regarding: Lock for Web
  • SDK Version: 11.3

I have this running on my local domain without issue, but on a staging domain, I get an error.

There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "http://DOMAIN" to the "Allowed Web Origins" list in the Auth0 dashboard: https://manage.auth0.com/#/clients/CLIENT_ID/settings

I have added the staging domain to the Allowed Web Origins as detailed in the console message (DOMAIN) and the docs at Lock v11 for Web. Interestingly, the URL in the console message does not resolve to the settings page of the application at https://manage.auth0.com/#/clients/CLIENT_ID/settings, it instead redirects to the dashboard aat https://manage.auth0.com/dashboard/eu/USERNAME/.

I noticed in this in the docs:

Embedded login for web uses Cross Origin Authentication. In some browsers this can be unreliable if you do not set up a Custom Domain and host your app on the same domain . Using Custom Domains with Auth0 is a paid feature. If you cannot use Custom Domains, consider migrating to Universal Login.

Is this the issue, or is there something else?

Thank you for thinking of me.