Problem statement
We have an application built in Angular, passed through the Microsoft Teams app, using the contentURL. When using iFrame, we are getting this error:
"https://{tenant}.us.auth0.com/'; refused to connect in the MS Teams tab application."
Cause
- The “Clickjacking Protection for Universal Login Change” migration setting was toggled on, but using the New Universal Login cannot be hosted in an iFrame: Clickjacking Protection for Universal Login Change
Solution
Switching to the Classic Universal Login will allow this to work as long as Clickjacking protection is disabled in the Migrations section of the Tenant Settings.
We have currently backlogged an item for considering allowing the Universal Login page to be hosted in an iframe in any other page from the domain, or possibly specifying a list of the domains that let you render the page in an iframe.