Cookieless session management using NextJS


I’m building a webapp using NextJS and I’m optimizing for mobile devices, so I’m using an in-app authorization flow as users don’t tend to be logged in on their mobile browsers.

My users are very likely to open my webapp on an in-app browser and the problem that this has is that the auth0 callback will go to the system’s default browser, which doesn’t have the initial cookie that auth0 creates. Here’s an example:

  1. User receives the link through a Slack message.
  2. They open the link and it opens the inapp-browser.
  3. They try to login with Spotify.
  4. My webapp triggers the Android intent to open the inapp-authorization. Spotify opens.
  5. User approves the connection.
  6. Spotify oauth flow sends back the result to my tenant’s callback URL, which opens on the system’s default browser.
  7. Auth0 says that it couldn’t find the session.

What is the best way to support this use case?

Thanks in advance!