First cross-origin login attempt on Safari fails, all other attempts succeed

I am using the cross-origin login method that can be found here:

This functionality works perfectly in Chrome and Firefox when third-party cookies are enabled. However, I am noticing strange behavior from Safari.

The first time a user attempts to log in on Safari, auth0 returns “Invalid Request” “No verifier returned from client.”

The user is then returned to my in-app login page.

When the user logs in a second time, auth0 returns a success and lets the user log in.

What gives? The call is exactly the same both times, but it seems like on Safari the call needs to fail once for it to work at all. Is this an issue with auth0? Like I said, this issue does not occur on Chrome or Firefox. Only Safari. And it only happens on the first login attempt.


Experiencing the same issue

Had the same issue. The reason is CORS and 3rd party cookie blocking which is default. Once the auth0 domain that provides the cookie is actually navigated to, on the second login attempt, safari will allow 3rd party cookies from that domain that it previously visited (within 24hrs).

The only way to resolve that I found working is using auth0 hosted page.

Are there any solutions to this besides using the auth0 hosted page? Having to log in twice is a dealbreaker for using cross-origin login. I am seeing this issue on mobile browsers as well - the first login attempt fails, but all other login attempts for that day succeed.

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?