“New” Universal Login Support for IFrames (Office Addin Authentication)
Currently we have to use the “Classic” Universal Login for Authenticating our Office Addins with Auth0. This is because they run within I-Frame containers provided by Microsoft Office. We are able to use the “Classic” flow because we have the ability to “disable click jacking”
We would like to use the “New” universal Login flow for our Office Addins because we have multiple applications within the same tenant. We have to downgrade all of our other applications to “Classic” to support our addins.
Worst case, we would like to disable the click-jacking protection in the “New” UL (even if there is a huge warning
Otherwise - please provide some alternative work arounds. Thank you in advance.
We have discussed a related issue with your support: to specify which domains should allow iframes. Currently it’s either allow nothing or allow everything (by enabling the “Disable clickjacking protection for Classic Universal Login” flag). However, we’d rather specify the domain name(s) which should return in the frame-ancestors directive.