Avoiding third-party cookies with custom domain

I want to enable silent token refresh on Firefox and Safari, which block many third-party cookies.

Currently, my domains are setup like this:

  • auth.example.org points to the login form hosted by Auth0
  • app.example.org is the resource that I want to grant access to

These share an SLD (example.org); does this mean that the app will have access to the appropriate Auth0 cookies?

Do I need to change my DNS entries to get this working?

Hey there @abcdef welcome to the community!

With a custom domain in place your app will have access to necessary cookies while being able to avoid the use third party cookies.

There are minor steps you need to take to essentially verify your domain - It depends on if you plan to use Auth0-Managed certificates or self-managed certificates.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.