So we whitelist the valid redirects which is perfectly sensible but that means we can’t dynamically create redirect_uris for universal login.
The site I’m working on has extensive guest access which results in registered users navigating to locked areas accidentally as guests, then realising they have to login and then being dumped back to root (as its the whitelisted uri). I don’t want to have to manually create a redirect_uri per possible “guest access” path on the main site to avoid this because that will also result in a manual step per path to whitelist the url in auth0 (e.g. if someone adds a new page).
So this means either I need to find something that wordpress already has that I can lean on to do this OR I can maybe hack something into both Wordpress and maybe the Auth0 plugin to store user location and restore it when universal login completes.
How do other people go about solving this?