I’m building a multi-tenant platform that can have multiple domains and subdomains mapped to the single hosted vuejs app. Based on the domain, different settings are applied.
Currently when a new domain is to be mapped, i am using the Management API to add to the ever growing list of callback urls.
I know you cannot have wildcard callback urls.
Can anyone dream up a different solution to this? What if there is an undocumented limit to that list of callback urls…
Anyway currently the auth0.js lock widget redirects back to the site so long as callback urls are specified.
Pondering the idea of a single callback url that say instead of: redirectUri: location.origin + ‘/callback’ you’d send it to ‘mainapp.whatever/callback’ - then call this.auth0.popup.callback() or what have you. Then once you grab the accessToken, POST it to the originating url /callback-with-accesstoken
I dunno, just thinking out loud how i can consolidate some of the callback url data entry whilst remaining secure.