Regarding managed hosting - I don't see a mention of using your own custom domain anywhere. Did I miss it? Which tiers can use custom domains, if they are supported?
Also, do you support m2m tokens, ie. client credentials flow? What are the limits, if any?
Our approach to sign-in pages is a bit different than Auth0's; instead of redirecting you to us, all of our components live on your very own website. The only time the browser will redirect to our domain is momentarily during the OAuth callback. We also don't brand our components, so your users may never even see that you use us for auth.
Is it possible for the OAuth callback url to be self-hosted on a free/OSS plan too? otherwise it would allow the cloud hosted app to intercept the token exchange flow of a client credential grant, wouldn’t it?
Also, do you support m2m tokens, ie. client credentials flow? What are the limits, if any?