Lock authorize returning 403

Please include the following information in your post:

  • Which SDK this is regarding: Lock for Web
  • SDK Version: 11.3

I have this running on my local domain without issue, but on a staging domain, I get an error.

There was an error fetching the SSO data. This could simply mean that there was a problem with the network. But, if a "Origin" error has been logged before this warning, please add "http://DOMAIN" to the "Allowed Web Origins" list in the Auth0 dashboard: https://manage.auth0.com/#/clients/CLIENT_ID/settings

I have added the staging domain to the Allowed Web Origins as detailed in the console message (DOMAIN) and the docs at https://auth0.com/docs/libraries/lock. Interestingly, the URL in the console message does not resolve to the settings page of the application at https://manage.auth0.com/#/clients/CLIENT_ID/settings, it instead redirects to the dashboard aat https://manage.auth0.com/dashboard/eu/USERNAME/.

I noticed in this in the docs:

Embedded login for web uses Cross Origin Authentication. In some browsers this can be unreliable if you do not set up a Custom Domain and host your app on the same domain . Using Custom Domains with Auth0 is a paid feature. If you cannot use Custom Domains, consider migrating to Universal Login.

Is this the issue, or is there something else?

Thank you for thinking of me.