New Universal Login Support for IFrames (Office Addin Authentication)

“New” Universal Login Support for IFrames (Office Addin Authentication)

Currently we have to use the “Classic” Universal Login for Authenticating our Office Addins with Auth0. This is because they run within I-Frame containers provided by Microsoft Office. We are able to use the “Classic” flow because we have the ability to “disable click jacking”

We would like to use the “New” universal Login flow for our Office Addins because we have multiple applications within the same tenant. We have to downgrade all of our other applications to “Classic” to support our addins.

Worst case, we would like to disable the click-jacking protection in the “New” UL (even if there is a huge warning :wink:

Otherwise - please provide some alternative work arounds. Thank you in advance.

Hi @glynn.fouche,

Welcome to the Auth0 Community!

Thanks for providing your feedback. I updated the title to reflect your request.

We need to make a decision:

Will the “New” Universal Login Support IFrames (Office Addin Authentication) - if so when.

Thank you in advance.

1 Like

Support for iframe embedding is why I’m looking at Auth0 actually, because Cognito doesn’t allow it which breaks my use case.

Please answer, Auth0

1 Like

Thanks for providing your +1 to it Jacoby! I’m gonna relay it to appropriate team!

1 Like

Up ! Is there a solution to login from an iframe with the “new universal login” method ?

We have discussed a related issue with your support: to specify which domains should allow iframes. Currently it’s either allow nothing or allow everything (by enabling the “Disable clickjacking protection for Classic Universal Login” flag). However, we’d rather specify the domain name(s) which should return in the frame-ancestors directive.

See also CSP: frame-ancestors - HTTP | MDN.

1 Like

Thanks for sharing that with the rest of community!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.