createAuth0Client() sometimes throws timeout error with /authorize 403

Hi Auth0 community,

I am working on a mobile app for iOS and Android which displays a JavaScript web app in a WebView.

The Auth0 part takes place in the JavaScript web layer.
I use the Auth0-SPA-JS-SDK version 1.20.1 for this.

The login and logout process works well up to a certain point.
When I log into the app and close the app and then after a few days when I re-open the app I sometimes get this error message:

I get a “Timeout” error that seems to come from the SDK and an HTTP 403 message from /authorize:

This is what my Auth0Client creation looks like:

  domain: data.auth0Domain,
  client_id: data.mobileAppClientId,
  cacheLocation: 'localstorage',
  useRefreshTokens: true,
  audience: 'production',

On top of that I could also detect an iframe from Auth0 which then also shows up in the DOM:

The app uses refresh tokens with rotation to bypass the ITP technology from WKWebView (Safari).

Actually, no Auth0 iframes should be used with activated refresh tokens, do I see that correctly? If so, is it possible that the SDK does a fallback under certain circumstances?

And my main question is what the 403 error means and how can I solve it. :slight_smile:

Thanks a lot in advance!