Home Realm Discovery Using Auth0.js
If Auth0.js has been used to create a custom login page for Classic Universal Login, it is now required to implement Home Realm Discovery (HRD).
- However, all the logic for HRD is built into Lock. So, if HRD is required for use with Auth0.js, a custom solution is needed.
This article will explain how Enterprise Connections can be used with IdP domains for HRD.
- Home Realm Discovery (HRD)
- Auth0.js
- Classic Universal Login
Lock.js retrieves the connection information from the 'https://<AUTH0_DOMAIN>/client/<client_id>.js' endpoint.
The endpoint returns up to 50 connections and exposes all the IdP domains.
If Auth0.js is used, the list of associations between domains and connections can be obtained from the above endpoint. An authorize() request can then be made with connection: "<the_connection_name>" in the options (as with social providers).
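The domain-to-connection lookup described above, as an added example that is not from the original article or Auth0's own code. It assumes the settings returned by the endpoint are already parsed into an object shaped as `strategies[].connections[]` with `domain` and `domain_aliases` fields; the sample data and the function names are constructed for illustration.

```javascript
// Constructed sample of the parsed client settings (assumed shape, not real tenant data).
const sampleSettings = {
  strategies: [
    { name: "auth0", connections: [{ name: "Username-Password-Authentication" }] },
    { name: "samlp", connections: [
      { name: "acme-saml", domain: "acme.example", domain_aliases: ["acme-corp.example"] },
      { name: "shared-a", domain: "shared.example" },
    ] },
    { name: "waad", connections: [
      { name: "globex-aad", domain: "Globex.example", domain_aliases: [] },
      { name: "shared-b", domain: "shared.example" },
    ] },
  ],
};

// Build a lower-cased "IdP domain -> connection name" map.
function buildDomainMap(settings) {
  const map = new Map();
  for (const strategy of settings.strategies || []) {
    for (const conn of strategy.connections || []) {
      const domains = [conn.domain, ...(conn.domain_aliases || [])].filter(Boolean);
      for (const d of domains) {
        const key = String(d).trim().toLowerCase();
        // Two connections claiming one domain is ambiguous: store null, never guess.
        const clash = map.has(key) && map.get(key) !== conn.name;
        map.set(key, clash ? null : conn.name);
      }
    }
  }
  return map;
}

// Exact match on the part after the last "@"; subdomains and look-alikes do not match.
function resolveConnection(email, domainMap) {
  const s = String(email).trim().toLowerCase();
  const at = s.lastIndexOf("@");
  if (at < 1 || at === s.length - 1) return null;
  return domainMap.get(s.slice(at + 1)) || null;
}

// webAuth is an auth0.WebAuth instance; returns false when the caller should
// fall back to its normal (e.g. username/password) form.
function startLogin(webAuth, email, domainMap) {
  const connection = resolveConnection(email, domainMap);
  if (!connection) return false;
  webAuth.authorize({ connection });
  return true;
}
```

The email domain only selects which connection to start; the identity provider behind that connection still authenticates the user.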
Note: When using the Classic Universal Login experience or a custom Login template, there may be concerns about the list of connectors and email domains exposed when using Home Realm Discovery.
It is possible to prevent that information from being exposed using the “Enable Publishing of Enterprise Connections Information with IdP domains” setting in Tenant Advanced Settings.