Silent Authentication: Failed to execute 'postMessage' on 'DOMWindow'

Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘https://dev.app.mywebsite.com’) does not match the recipient window’s origin (‘https://login.dev.app.mywebsite.com’).

I cannot get past the authorize function because of this. When I inspect and check the network tab I do get some proper response for the /authorize, but somehow I think the redirection doesn't occur due to this?

In the Dashboard:

On ‘Application Login URI’ I have already configured it to the value of ‘https://dev.app.mywebsite.com’. ‘Allow Web Origin’ and ‘Allow Callback URL’ also have that value.

‘Cross Origin Authentication’ is also enabled and ‘Allowed CORS’ has the value of ‘https://dev.app.mywebsite.com’. ‘Cross-Origin Verification Fallback URL’ is empty at the moment.

Which configuration part am I missing?

2 Likes

Solid work by Okta. It's been 2 months now and no answers. :+1:

Any news about this matter?

I am also having this issue, but on my end the post message is to my android custom deep link URL (I’m using Ionic and following the Auth0 quick-start documentation for Ionic Angular).

We need to be able to call the getAccessTokenSilently for our API and we have the useRefreshTokens and useRefreshTokensFallback both set to true in the configuration. Does it have anything to do with those? What exactly is going on to cause this issue and how can it be resolved?
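
The origin comparison behind the error message quoted in the first post, as an added example (not code from any poster or from the Auth0 SDK). It approximates the `targetOrigin` check a browser applies to `window.postMessage`, and also covers the custom-scheme case raised in the last post. The function name `checkTargetOrigin` and the deep link `com.example.app://callback` are hypothetical.

```javascript
// Added illustration: approximates the targetOrigin check applied by
// window.postMessage(message, targetOrigin). Names here are hypothetical.

// Returns { delivered, reason } for a message sent with `targetOrigin`
// to a window whose document was loaded from `recipientUrl`.
function checkTargetOrigin(targetOrigin, recipientUrl) {
  if (targetOrigin === "*") {
    // Wildcard skips the check entirely; unsuitable for auth responses.
    return { delivered: true, reason: "wildcard target" };
  }
  const target = new URL(targetOrigin);   // throws on unparsable input
  const recipient = new URL(recipientUrl);

  // Non-special schemes (app deep links, for example) have an opaque
  // origin, serialized as the string "null"; it never equals any origin.
  if (target.origin === "null" || recipient.origin === "null") {
    return { delivered: false, reason: "opaque origin never matches" };
  }
  // Path and query are ignored; default ports are normalized away.
  if (target.origin === recipient.origin) {
    return { delivered: true, reason: "origins match" };
  }
  // Report which origin component differs, to make the mismatch actionable.
  const diffs = [];
  if (target.protocol !== recipient.protocol) diffs.push("scheme");
  if (target.hostname !== recipient.hostname) diffs.push("host");
  if (target.port !== recipient.port) diffs.push("port");
  return { delivered: false, reason: "mismatch in " + diffs.join(", ") };
}

// The two origins from the error message in the first post.
console.log(checkTargetOrigin(
  "https://dev.app.mywebsite.com",
  "https://login.dev.app.mywebsite.com"));

// Constructed sample: a custom-scheme deep link used as the target.
console.log(checkTargetOrigin(
  "com.example.app://callback",
  "https://login.dev.app.mywebsite.com"));
```

A subdomain counts as a different host, so the sender's target must name the exact origin of the window that receives the message.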