Auth0 Login not working on the site when Third party cookies is disabled


Context: Webapage using the Authentication API with a custom login page.

I have enabled a custom domain for my auth0 tenant and updated the domain value used in the Authentication api and jwt-middleware. According to the cors doc in auth0 this should prevent the need for a cors request when third-party cookies are disabled in the user’s browser. The login action does not work in Safari or Google Chorme, as a cors request isbeing made when third party cookies are disabled .

The login action returns the following error “http://localhost:3000/callback#error=access_denied&error_description=Unknown%20or%20invalid%20login%20ticket.&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym ”.
Is there something extra that the browser is doing when third party cookies are blocked? As I am using a custom domain, there is no cors request and this should work. Please advise.

This is my config:

webAuth = new auth0.WebAuth({
domain: getEnv(‘AUTH0_CUSTOM_DOMAIN’),
clientID: getEnv(‘AUTH0_SPA_CLIENT_ID’),
process.env.NODE_ENV === ‘production’
? http://${}/callback
: http://localhost:${window.location.port}/callback,
responseType: ‘token id_token’,
scope: ‘openid email profile’

@sriramv same here, found a solution?

1 Like