I am trying to login to our app via an embedded iframe. Getting this error from Ory

*<http://relaxed-kirch-zjpimqs5qe.projects.oryapis.com|relaxed-kirch-zjpimqs5qe.projects.oryapis.com>* redirected you too many times.

Have no clue how to debug/fix this. Any help would be much appreciated. We had this same exact code working just fine with Auth0, so wondering if its a bug with Ory or our implementation.

Yeah, iframes are pretty much broken for cross domain websites due to modern browsers blocking all cookies in iframes where the iframe domain does not match the app domain. You can probably fix this by using a custom domain. However, if you expect this to work across domains - it won’t due to ITP (intelligent tracking prevention). Chrome is also phasing this out. Generally speaking, iframes are pretty much dead

We implemented a custom auth domain. Still didn’t work. Is there any way to make this work?

Thanks, that is very helpful! It’s 10pm here, will take a look tomorrow! Is the page hosting the iframe also running on sphereone.xyz?

No, it will be a different domain. We’re building an SDK for game devs, so each game will have a different url.

I see, that is unfortunately not going to work because all modern browsers are phasing out things like cookies in cross domain iframes. Unfortunately, iframes can’t be used for auth* any more. Safari already blocks cookies on iframes with 3rd party domains, and Chrome will follow in 2024. There are other ways to do what you want though, your case sounds like a good fit for OpenID Connect