@controlling that is correct. To echo what is stated in our above Cross-Origin Authentication documentation:
Limitations of Cross-Origin Authentication
Because cross-origin authentication is achieved using third-party cookies, disabling third-party cookies will make cross-origin authentication fail.
There are two approaches you can follow to remediate the issue:
- Enable a Custom Domain on your tenant and host your web application in a domain that has the same top level domain as your Auth0 custom domain. Example: Host your application at
https://northwind.com
and set your Auth0 custom domain ashttps://login.northwind.com
. This way the cookies are no longer third-party (because both your Auth0 tenant and your application are using the same top level domain) and thus are not blocked by browsers.- Provide a Cross-Origin verification page that will make cross-origin authentication work in some browsers even with third-party cookies disabled (see the browser testing matrix below).
These issues are another reason why the more practical solution is to use Universal Login.
Please let me know if this helps you in your quest. Thanks!