Albin
Sorry, I don't know the answer to that. The OAuth2 rules are clear: the requesting JavaScript and the Redirect URL
must be in the same domain.
You might be able to fudge around that by having them in the same xxx.company.tld and fiddling with that, but I can't exactly remember how to do that off the top of my head.
Mike