SPA and wildcard for subdomains

Hi Everyone,
we have stage environments for every pull request and as per that we use a wildcard in Allowed Callback URLs and Allowed Web Origins (https://* When you enter the first time all seems fine - you are redirected to Auth0 Hosted pages where you login and are redirected back to our app. But when you refresh the page or change subdomain (eg go from to request to https://ourAuth0CustomDomain/authorize fails with error 400 saying The specified redirect_uri ""; does not have a registered origin.. As far as I can tell it somehow related to cookie (value: true, domain:, SameSite: empty value). If I delete this cookie and refresh the page, it will hit Auth0 and get new code and successfully login to the up, but, refreshing the page will create this issue again.

We are using “@auth0/auth0-spa-js”: “^1.6.4”, everything is basically configured as per official start guide for angular, both auth0 hosted pages and stage subdomain are under the same master domain.

I will be grateful for any tips.

Many thanks,

I’ve just encountered this exact issue too. Any pointers on how to fix?

Hey there!

As you probably saw in another thread @4degrees you posted our product team will be addressing that really soon.