I am attempting to use Guardian multi-factor authentication (via SMS) in my application. When 3rd party cookies are disabled (such as by default in Safari) the MFA fails with the error message “WE CANNOT CONNECT TO REAL TIME CHANNEL”. This is because it is trying to set a cookie from a different domain “*.au.auth0.com” than my application.
Fair enough, this is the reason that custom domains are supported. But I have now registered a custom domain “auth.my_project.com” with a CNAME pointing to my auth0 domain. And unfortunately Guardian MFA still fails with the same error message. My browser tells me that the page is still trying to set cookies from “auth0.com” and “my_project.guardian.au.auth0.com”. The URL of the actual current page does show correctly as “auth.my_project.com” at least.
Do I have my Guardian MFA configured incorrectly? How can I configure it such that these cookies are set from my own subdomain so that it will work with Safari?