Auth0 Home Blog Docs

Can I use the Hosted Lock Page as Cross-Origin Fallback?



I am hosting the Lock page so that the modal can overlay the page without redirecting away from the page, and so that the user can remain on the current page when closing the login modal.

When third party cookies are disabled in the browser can I use the Hosted Pages as fallback? I don’t see why not, but I’m not sure how I would elegantly go about detecting lack of third party cookie support and redirect when a user clicks the login button.

It would be really useful if Auth0 - and Lock in particular - had a method for checking/reporting that third party cookies are disabled. Suggestions welcome.


I confess I got a bit confused with the question title because the cross-origin authentication process itself has the notion of a cross-origin fallback page for cases where the flow is still possible even if third-party cookies are disabled (see the browser matrix for more info).

However, what I think you’re referring to is just the possibility of using the hosted login page when cross-origin authentication is completely impossible. In this scenario then I would agree with you and this should be completely fine. In relation to a detection mechanism for third-party cookies being disabled I think the situation is a bit more complex, at least based on the process detailed here. If possible it may be acceptable to just try it and then if it fails go with hosted login page.