Hello all,
We have this setup:
- oursite.com -->Static site (nuxt with nuxt-auth plugin configured for auth0)
- app.oursite.com → SPA with UniversalLogin, already working properly
- auth.oursite.com → UniversalLogin with our custom domain
We wan to implement this auth flow
1.- User opens oursite.com
2.- Clicks a button that calls auth0-js and opens auth.oursite.com with redirect_uri: ‘app.oursite.com’
3.- User logs in / sign up correctly and its redirected to app.oursite.com
4.- app.oursite.com is able to parse auth info from the hash and acts as if user has logged in from app.oursite.com
Everything works until 4, where the handleAuthentication callback gives us this error:
{error: “invalid_token”, errorDescription: “state does not match.”}
- we have SSO activated in our tenant.
- client id, domain and audience are the same in oursite.com and app.oursite.com
Is this flow possible? what are we missing?