Hi, we have been using custom domains to avoid any issue with browsers blocking 3rd-party cookies, but with chrome phasing them out, we now have an issue with localhost testing as localhost won’t match any custom domain, what is the best practice in this case?
FWI, we currently use the SDK for React SPAs.
@jean-francois were you able to find a solution for this?
I am having exact same problem. It can be solved by using refresh tokens, however this is not my case because I want to check in a different app, if user is logged in using getAccessTokenSilently (source) which doesn’t work if no refresh token is available yet.
I found a solution for Chrome.
You can allow 3rd party cookies here: chrome://settings/trackingProtection. Hopefully this option for opting-out will stay there even after chrome deprecates 3rd party cookies in Q1 2025.
I’m aware of the Refresh Tokens approach, as is this considered by auth0 the official “solution”, but it comes with it’s own drawbacks.
Force-enabling the 3rd party cookies in Chrome is a band aid, specially that it will go away, but also that local testing with other browsers is useful.
Our current workaround is just to side step auth0 locally (i.e. with a “fake” Access Token), but this is obviously not ideal.
