Call to authorize fails on Safari

Is there a recommended way of solving this issue? I’ve read the discussion on Failed Silent Auth - Login required, but there does not seem to be any resolution.

If anybody has any tips other than running in incognito mode or tweaking the Safari settings, I would be extremely grateful.

Good morning,

Have you tried setting up a custom domain: https://auth0.com/docs/custom-domains

1 Like

No, I’m still using the free plan. Is this the only solution?

Unfortunately, as of now, only these two things are recommended:

  • Enable a Custom Domain on your tenant and host your web application in a domain that has the same top-level domain as your Auth0 custom domain. For example, you host an application at https://northwind.com and set your Auth0 custom domain as https://login.northwind.com . This way the cookies are no longer third-party (because both your Auth0 tenant and your application are using the same top-level domain), and thus, are not blocked by browsers.

  • Provide a cross-origin verification page that will make cross-origin authentication work in a limited number of browsers even with third-party cookies disabled (see the browser testing information below).

1 Like
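Added example, not part of the original thread or Auth0's own code: a check for whether an application origin and an Auth0 domain are same-site, which is what decides whether the Auth0 session cookie counts as third-party. Browsers compare the registrable domain (public suffix plus one label) rather than the literal top-level domain; the suffix list below is a constructed, abbreviated sample, and every hostname except the thread's northwind.com ones is a placeholder.

```javascript
// Constructed, abbreviated suffix list for illustration only. Real code
// should load the full Public Suffix List (publicsuffix.org).
const SAMPLE_PUBLIC_SUFFIXES = new Set([
  "com", "org", "net", "io", "uk", "co.uk", "github.io", "herokuapp.com",
]);

// Return the registrable domain (public suffix plus one label), or null when
// the host is itself a public suffix or matches no suffix in the list.
function registrableDomain(hostname, suffixes = SAMPLE_PUBLIC_SUFFIXES) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  // Walk from the longest candidate suffix down so "co.uk" wins over "uk".
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (suffixes.has(candidate)) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// True when cookies set by authUrl are first-party for a page on appUrl.
function isSameSite(appUrl, authUrl, suffixes = SAMPLE_PUBLIC_SUFFIXES) {
  const app = registrableDomain(new URL(appUrl).hostname, suffixes);
  const auth = registrableDomain(new URL(authUrl).hostname, suffixes);
  return app !== null && app === auth;
}

// Constructed sample pairs: [application origin, Auth0 domain].
const SAMPLE_PAIRS = [
  ["https://northwind.com", "https://login.northwind.com"],        // custom domain
  ["https://northwind.com", "https://example-tenant.auth0.com"],   // default tenant domain
  ["https://shop.northwind.co.uk", "https://login.northwind.co.uk"],
  ["https://app-one.github.io", "https://app-two.github.io"],      // shared hosting suffix
];

for (const [app, auth] of SAMPLE_PAIRS) {
  const verdict = isSameSite(app, auth) ? "first-party" : "third-party (blocked by ITP)";
  console.log(`${app} -> ${auth}: ${verdict}`);
}
```

The last pair shows why sharing a suffix such as github.io is not enough: each subdomain of a public suffix is its own site, so the cookie is still third-party.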

In addition to Karen’s suggestions, you can use refresh token rotation for silent authentication now (this was recently released). Some more info can be found here and here.

1 Like

Thank you both for your advice. @thameera, you say “In addition to Karen’s suggestion…”, but the first link you gave states that refresh tokens are an alternative to custom domains. Do I need to implement both a custom domain AND a refresh token, or will a refresh token suffice to work around the ITP problem?

Hey @OysteinAmundsen, refresh tokens will work even if you don’t have a custom domain. Reading my previous answer now, I see it can be confusing - I meant that this is another suggestion. 🙂

It would still be ideal to have custom domains set up to make the experience more seamless, especially if you have more than one app (but I understand this means going for a paid account and might not always be an option).

1 Like