I am using the Auth0 Single Page Application API with the Universal Login. What are the configurations in the Auth0 dashboard to prevent Auth0 from using third-party cookies? I want to use Refresh Tokens and Refresh Token Rotation, which I already have enabled in the dashboard. I’m using the Auth0Client.getTokenWithPopup and CreateAuth0Client methods to authenticate.
Hey there @bbarnell welcome to the community!
Using Universal Login paired with refresh token exchange/rotation should be sufficient to avoid third-party cookies in the context of authentication, as it takes place over the same domain, eliminating cross-origin requests.
@tyf Are you saying it is not easily possible to use Universal Login with a free Auth0 account that does not allow Custom Domains? Many other community topics make it sound like it is easy to do.
Hey @bbarnell, the opposite actually! Universal Login paired with a refresh token flow does allow you to avoid the use of third-party cookies, even without a custom domain. A custom domain would be required in an embedded login scenario.
In terms of dashboard settings: your app should be configured to use refresh token rotation, and have the “refresh token” grant enabled. You will also need to enable “offline access” in whichever registered API you are using as audience.
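The settings listed in the reply above can be checked together. This is an added example, not part of the original posts and not Auth0's own code: it assumes the application and API objects use the Auth0 Management API field names (`grant_types`, `refresh_token.rotation_type`, `allow_offline_access`, `identifier`) and that the SDK options are those of auth0-spa-js v2; the function name and all sample values are constructed.

```javascript
// Audits the three places the thread names: the application (client),
// the API used as audience, and the options passed to createAuth0Client.
// Returns a list of findings; an empty list means the refresh-token path is set up.
function auditRefreshTokenSetup(client, api, sdkOptions) {
  const findings = [];

  // Dashboard: Application > Advanced Settings > Grant Types
  if (!(client.grant_types || []).includes("refresh_token")) {
    findings.push("client: refresh_token grant is not enabled");
  }
  // Dashboard: Application > Refresh Token Rotation
  if ((client.refresh_token || {}).rotation_type !== "rotating") {
    findings.push("client: refresh token rotation is off");
  }
  // Dashboard: API > Settings > Allow Offline Access
  if (api.allow_offline_access !== true) {
    findings.push("api: offline access is not allowed");
  }
  // SDK: without refresh tokens, silent renewal runs in a hidden iframe,
  // which depends on a cookie the browser treats as third-party.
  if (sdkOptions.useRefreshTokens !== true) {
    findings.push("sdk: useRefreshTokens is not true");
  }
  if (sdkOptions.useRefreshTokensFallback === true) {
    findings.push("sdk: useRefreshTokensFallback re-enables the iframe path");
  }
  // The audience requested by the SPA must be the API that allows offline access.
  if ((sdkOptions.authorizationParams || {}).audience !== api.identifier) {
    findings.push("sdk: audience does not match the API identifier");
  }
  return findings;
}

// Constructed sample data (placeholder tenant, client id and API identifier).
const sampleClient = {
  grant_types: ["authorization_code", "refresh_token"],
  refresh_token: { rotation_type: "rotating", expiration_type: "expiring" },
};
const sampleApi = { identifier: "https://api.example.test", allow_offline_access: true };
const sampleSdkOptions = {
  domain: "TENANT.example.auth0.com",
  clientId: "CLIENT_ID_PLACEHOLDER",
  useRefreshTokens: true,
  authorizationParams: { audience: "https://api.example.test" },
};

console.log(auditRefreshTokenSetup(sampleClient, sampleApi, sampleSdkOptions));
```
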