I do not suggest using specifically any of those (Cross-Origin Authentication, Universal Login, Custom Domains) I mean all of them should solve your issue and require approximately the same effort, but basically you need to keep a few things in mind:
-
To configure a custom domain you have to upgrade your account to any paid plan
https://manage.auth0.com/#/tenant/billing/subscription -
Collecting user credentials in an application served from one origin and then sending them to another origin can present certain security vulnerabilities and cross-origin authentication flow which makes use of third-party cookies
-
Because cross-origin authentication is achieved using third-party cookies, disabling third-party cookies will make cross-origin authentication fail.
-
In terms of custom domains you must register and own the domain name to which you are mapping your
Auth0 domain -
It is recommended that you use custom domains with Universal Login for the most seamless and secure experience for your end users
I know it seems like a lot of new stuff but that’s the case/issue that our users happen to come across from time to time and it’s because of 3rd party stack. If you want to see their cases here are some of them:
Let me know if that helps!