Please include the following information in your post:
-
Which SDK this is regarding: @auth0/auth0-spa-js
-
SDK Version: 1.13.2
-
Platform Version: N/A
-
Code Snippets/Error Messages/Supporting Details/Screenshots:
N/A - Happy to provide as necessary -
Is this a feature request or bug report? May be a bug, I don’t know.
I am using the Auth0 SPA SDK to authenticate users for my single page application. This single page application utilizes many backend applications, all of which have protected endpoints that require a JWT in a Bearer authorization header. As such, I use the sdk’s silentAuth capabilities to fetch access tokens on behalf of a logged in user before making a request to an API’s endpoint. This works perfectly using a desktop web browser.
For some reason, this does not work on mobile. If I visit the same page using my mobile chrome and safari browsers, the silent auth fails with a login_required code. My understanding is that silent auth would fail with this error code if the required auth0 cookies are not found on the user’s browser session. To my knowledge, I am not doing anything differently between my web use and my mobile use. Is this a known limitation of Auth0 & mobile browsers?
Any help or suggestions on how to further debug are very helpful. Thank you!
Edit: This is also occurring on desktop safari browser. From my other research, it seems this is expected as Safari does not allow 3rd party cookies? This still doesn’t really explain though why the issue occurs on Chrome Mobile Browser.