Welcome back to the Auth0 Community!
The root cause of this sudden change could be your web browser. Over the weekend, your browser likely received an update that enabled strict Third-Party Cookie Blocking .
This browser update breaks the hidden iframe mechanism Auth0 uses to silently restore your session on localhost . Because the silent session restoration fails, your app forces a full, interactive login on every reload. The consent screen is appearing because Auth0 has a hardcoded security rule: applications running on localhost are never allowed to silently skip user consent.
Please try the following things and let me know if they work for you or not:
-
In Chrome: Navigate to
chrome://settings/trackingProtection(orchrome://settings/cookies) and either disable tracking protection temporarily or add[*.]auth0.comto the list of sites allowed to use third-party cookies. -
Since third-party cookies are going away permanently across all browsers, the modern best practice is to stop relying on the hidden iframe entirely by using Refresh Token Rotation.
- In your Auth0 Dashboard, go to your Application settings and enable Refresh Token Rotation .
- In your SPA codebase (if using
@auth0/auth0-reactor@auth0/auth0-spa-js), update your Auth0Provider/Client configuration to include:
useRefreshTokens: true,
cacheLocation: 'localstorage'
This allows the SDK to save a rotating refresh token in your browser’s local storage, surviving page reloads without ever needing to rely on third-party cookies.
- If you implement Refresh Tokens but still want to eliminate the consent screen on your very first local login, you must stop using
localhost.
If you have any other questions, let me know!
Kind Regards,
Nik