Hi everyone. Let me clarify a few things:
- Lock v11 is required is using embedded login (i.e. login on your application as opposed to login in Auth0’s hosted login page).
- Cross-Origin Authentication is the new method Lock v11 uses when doing embedded login. If using the hosted login page, Lock v11 should work as before, no custom domain needed.
- Custom domains is required to avoid third-party cookies issues when doing Cross-Origin authentication. Thus, if using embedded login, custom domain becomes almost a necessity.
- The fallback verification page for cross-origin authentication solves a small subset of issues when it’s not possible to use custom domains. But since it’s not bulletproof, we recommend either using custom domains or moving to universal login (hosted login page).
- The fallback verification page shouldn’t be needed if using universal login (hosted login page). There might be a problem in one of the involved components if this is not working in iOS Safari. I’ll have the team check.