Thank you for the additional context, @truescope!
In the linked topic and in this case, it sounds like blocked third-party cookies could be the cause. To confirm, you can try adding the cacheLocation config to the Auth0Provider if you haven’t done so already:
const onRedirectCallback = (appState) => {
history.replace(
appState && appState.returnTo
? appState.returnTo
: window.location.pathname
);
};
ReactDOM.render(
<Auth0Provider
domain={config.domain}
clientId={config.clientId}
redirectUri={window.location.origin}
audience={config.audience}
scope="read:current_user update:current_user_metadata"
onRedirectCallback={onRedirectCallback}
useRefreshTokens={true}
cacheLocation="localstorage" // <-- add this config
>
<App />
</Auth0Provider>,
document.getElementById("root")
);
Also, are there are any places that you are calling getAccessTokenSilently? If so, any scope or audience passed should be listed in the Auth0Provider.
Note: there are security considerations for using local storage to store tokens: Token Storage
If this is the issue, using a Custom Domain is the recommended approach.