When I disable 3rd party cookies (eg - turning on “Block third-party cookies” in Chrome), then the MFA screen for my app shows a red banner with “WE CANNOT CONNECT TO REAL TIME CHANNEL.”
This issue persists even after clearing my cookies as suggested in this topic, which isn’t surprising since the auth0 cross origin authentication article explicitly states “disabling third-party cookies will make cross-origin authentication fail”.
However that same articles suggests using a custom domain to fix the problem - which is what my app is currently using. I have an app that lives at mySubdomain.myCustomApp.com, and I’ve enabled a custom login domain at login.myCustomApp.com.
Does my custom domain need to point to login.mySubdomain.myCustomApp.com to be considered a first party cookie?
OK. Interesting.
I actually fixed ours by changing:
" mfaServerUrl: “{{ mfaServerUrl }}”,"
to
"mfaServerUrl: “https://login.ourdomain.com/guardian/” in the Multifactor hosted page.