Redirect loop while inside of iframe with custom domain

I am running into an issue with an infinite redirect loop when redirecting users to auth0 while inside of an iframe.

Our app runs inside of an iframe on our partner’s website. We redirect to auth0 to authenticate existing users. This redirect is causing an infinite redirect loop on Safari. Disabling “Prevent cross-site scripting” “fixes” the issue but is not a real fix.

A bit more on our setup:

ourpartner has an iframe (stevesiframe), when the user is expected to authenticate, the stevesiframe redirects to auth.stevesiframe (auth0 custom domain).

I’ve setup a working example here: Open this page in Safari and enter as the email and notice that you are stuck on the “One moment while we log you in…” page.

use the email

Anyone else running Auth0 on a custom domain inside of an iframe and having issues with redirect loops?