Embedded login for web applications uses cross-origin authentication unless you configure a custom domain for your tenant. Cross-origin authentication uses third-party cookies to allow for secure authentication transactions across different origins.

Using Auth0’s SDKs to implement Embedded Login

You can implement Login using Auth0’s Lock widget, or if you need complete control of the user experience, you can implement it using Auth0.js:

Configure Cross-Origin Resource Sharing (CORS)

For security purposes, your app’s origin URL must be listed as an approved URL. If you have not already added it to the Allowed Callback URLS for your application, you will need to add it to the list of Allowed Origins (CORS).
  1. Navigate to Auth0 Dashboard > Applications > Applications, and select the name of your application to see its settings.
  2. Locate Allowed Origins (CORS), enter your application’s origin URL, and select Save Changes.