Auth0 Failed Silent Auth on Safari/iOS Chrome Mobile with Rotational Refresh Tokens ON and Custom Domains ON

Hi tere,

Here is the situation:

This works:
I have setup my production site(eg: www.production.com) with the custom domain like auth.production.com at Auth0 dashboard. After authorizing from Auth0 it goes back to www.production.com successfully on all browsers and iOS devices.

This doesn’t work
However, when I test Auth0 Universal Login on my staging domain(eg: www.staging.com) this doesn’t work at all.

Before this post, I have tried all relevant solutions:

1 Set up rotational refresh tokens and use useRefreshTokens={true} and cacheLocation="localstorage" in my latest Auth0 React SDK "@auth0/auth0-react": "^1.8.0".

See in this link community.auth0.com/t/silent-authorization-not-working-after-login-signup/37114

2 Double checked on Refresh Token Rotation

3 Went through Troubleshoot Renew Tokens When Using Safari

I made sure when I turned off Prevent cross-site tracking my staging domain worked.

So, after all that, can you please give me some directions on develop and staging envs solutions? What if those domains are all separate without sharing the same parent domain?

Do I have to purchase another tenant for different envs? I’m afraid that this is going to make the development process very complicated as I have to do data transition a lot!

Or, can I have multiple custom domains for all my different envs?

Thanks!

I think I found out the root cause:

When you call getAccessTokenSilently are you using the same audience and scope that is set in the Auth0Provider? I’ve seen in some cases that silent auth will be required because a new scope or audience is requested after the app initiates. Silent …

By the way, this is definitely a new thing, as earlier this year all above worked, but somehow recently I found out we will need to pass in exact both scope and audience to Auth0Provider.

Can can I track those software updates by the way?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi team! :wave:

This is a heads-up that we’re hosting an Ask Me Anything (AMA) session :loudspeaker: on our new Multiple Custom Domains (MCD) capability. Our Platform Infrastructure Product Manager, Pawan Bhardwaj, will be live on June 25, 2025, from 9 AM to 11 AM PST :spiral_calendar_pad: to answer all your questions—from high-level strategy to specific technical implementation.

You can submit your questions from now until June 24 :pencil2:, and we’ll provide detailed written answers during the live event.

If you have any questions about managing multiple brands :office:, creating tailored login experiences :art:, or simplifying your architecture with a single tenant :gear:, feel free to drop them in this thread. We look forward to your questions and seeing you there!

June 25 Auth0 Community Ask Me Anything: Multiple Custom Domains