we have stage environments for every pull request and as per that we use a wildcard in
Allowed Callback URLs and
Allowed Web Origins (https://*.stage.example.com). When you enter the first time all seems fine - you are redirected to Auth0 Hosted pages where you login and are redirected back to our app. But when you refresh the page or change subdomain (eg go from https://test1.stage.example.com to https://test2.stage.example.com) request to https://ourAuth0CustomDomain/authorize fails with error 400 saying
The specified redirect_uri "https://test1.stage.example.com"; does not have a registered origin.. As far as I can tell it somehow related to cookie
auth0.is.authenticated (value: true, domain: https://test1.stage.example.com, SameSite: empty value). If I delete this cookie and refresh the page, it will hit Auth0 and get new code and successfully login to the up, but, refreshing the page will create this issue again.
We are using “@auth0/auth0-spa-js”: “^1.6.4”, everything is basically configured as per official start guide for angular, both auth0 hosted pages and stage subdomain are under the same master domain.
I will be grateful for any tips.