Auth0-spa-js silent login issues "Samesite Cookie" issue

Hello,

I have my login flow working, but am frustrated with having to re-login each time I visit my app. I want to set up a silent login in line with suggested security protocols for SPAs.
Currently, I am getting a warning:
A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.
I am wondering if this is causing me to not be automatically logged in, having previously logged in with a username and password.
I have previously looked through articles regarding upcoming changes in cookies, and updated my npm package of auth0-spa-js to 1.16.3.

Hi @nsena, you can safely ignore that warning. Please see the explanation here: Auth0 Chrome SameSite issue

Thank you @thameera

What resources do you recommend for integrating silent login using the auth0-spa-js library?

Have you had a look at the getTokenSilently() method? https://auth0.com/docs/libraries/auth0-spa-js#get-access-token-with-no-interaction

Hi @thameera, thank you for the reply. I had visited this page prior and seen that call, having tried it out myself. I was seeing errors saying the reason was login_required. I had difficulty finding the relevant API settings, but will try once more.
I was testing in localhost and I see that user consent cannot be skipped on localhost. Is there a way I can test this before moving into production?

The login_required error is sent when the user hasn’t already logged in (or due to browser issues like cookies being blocked). You may also find the discussion in this thread interesting: Working with auth0-spa-js locally

For the consent screen issue with localhost, you can add a non-localhost domain in /etc/hosts as described here: https://auth0.com/docs/api-auth/user-consent#skip-consent-for-first-party-applications
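
An added example, not part of the original thread and not Auth0's own code: one way to handle the login_required case discussed above, by trying getTokenSilently() first and falling back to loginWithRedirect() only when the server says interaction is needed. The helper names and the stub client are hypothetical; consent_required and interaction_required are the standard OIDC sibling errors and are handled alongside login_required as an assumption.

```javascript
// Added example. `client` is any object exposing auth0-spa-js's
// getTokenSilently() and loginWithRedirect(); a constructed stub is used here.

// OIDC error codes returned when a silent (prompt=none) request
// cannot complete without showing the user a login or consent screen.
const INTERACTION_REQUIRED = new Set([
  'login_required',
  'consent_required',
  'interaction_required',
]);

// Decide how to react to an error thrown by getTokenSilently().
function classifySilentAuthError(err) {
  const code = err && err.error;
  return INTERACTION_REQUIRED.has(code) ? 'interactive' : 'fail';
}

// Try silent auth; redirect to the login page only for the expected
// "no session" errors. Anything else is rethrown so that network faults
// or misconfiguration are not hidden behind an endless redirect loop.
async function getTokenOrLogin(client) {
  try {
    const token = await client.getTokenSilently();
    return { status: 'token', token };
  } catch (err) {
    if (classifySilentAuthError(err) === 'interactive') {
      await client.loginWithRedirect();
      return { status: 'redirecting', reason: err.error };
    }
    throw err;
  }
}

// Constructed stand-in for the real client, so the example runs offline.
function makeStubClient(outcome) {
  const calls = [];
  return {
    calls,
    async getTokenSilently() {
      calls.push('getTokenSilently');
      if (outcome.error) {
        throw Object.assign(new Error(outcome.error), { error: outcome.error });
      }
      return outcome.token;
    },
    async loginWithRedirect() { calls.push('loginWithRedirect'); },
  };
}
```

With the real library, pass the client returned by createAuth0Client() in place of the stub.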