The behavior your describing sounds about right to me - I would expect the app to behave more or less normally until any sort of silent auth or re-auth occurs. At this point I would expect things to break down given the blocking of third party cookies.
Any tenant that does not have the ability to utilize a custom domain can get around third-party cookie issues by using refresh tokens / refresh token rotation . This is preferred to traditional silent auth which does rely on an auth0 cookie (third-party without a custom domain).
What makes refresh tokens / refresh token rotation preferred? Is it worth it to re-engineer our existing authentication for any particular reason? We have a custom domain, so things are working with the cookie.
With the B2C Essentials plan, you have access to one production tenant and two dev/staging tenants. Each tenant gives you the ability to specify a different custom domain which will satisfy your needs for your dev site. You can learn more about setting up multiple environments here.
All tenants will assume the subscription of the master tenant in the Auth0 Team account. Linking your production tenant to your Auth0 Team associated with your dev tenant and subsequently “upgrading” to the 500 user plan.
And you won’t have to pay for two subscriptions.
You can do one of two things:
Upgrade the tenant subscription which has Auth0 Teams enabled to 1000 users and link the production tenant.
Submit a support ticket on https://support.auth0.com/ to provision an Auth0 Teams account for your production tenant, then link the dev tenant to the new team.
Refer to this post on how to get Auth0 Teams enabled on your tenant. Tenants created before Nov 1, 2023 have to make a change in their subscription settings and it should take care of itself. I didn’t realize this at the time and I apologize!