Docs

Embedded Passwordless Authentication for SPAs

Embedded Passwordless Authentication for SPAs

Embedded login for web uses Cross Origin Authentication. In some browsers this can be unreliable if you do not set up a Custom Domain and host your app on the same domain. Using Custom Domains with Auth0 is a paid feature. If you cannot use Custom Domains, consider migrating to Universal Login.

Using Auth0's SDKs to implement Embedded Login

You can implement Passwordless Login using Auth0's Lock widget or if you need complete control of the user experience, you can implement it using Auth0.js:

Configure Cross-Origin Resource Sharing (CORS)

For security purposes, your app's origin URL must be listed as an approved URL. If you have not already added it to the Allowed Callback URLS for your application, you will need to add it to the list of Allowed Origins (CORS).

  1. Navigate to the Applications page in the Auth0 Dashboard.

  2. Click the name of your application to see its settings.

  3. Scroll to Allowed Origins (CORS), enter your app's origin URL, then click Save Changes.