How to get an opaque token without 3rd party cookies

jtso · December 29, 2020, 7:03pm

Hi, we ran into issues with getting tokens on browsers that block 3rd party cookies. We solved the issue for getting JWTs by setting useRefreshToken=true when creating the Auth0 client, enabling refresh tokens and rotation in the management console settings, and allowing offline access for the custom API that we were using as the audience for that JWT.

However, we still cannot seem to get the proprietary opaque token (when audience is not specified) without 3rd party cookies. Any tips? Thanks.

dan.woda · December 30, 2020, 10:24pm

Hi @jtso,

Welcome to the Community!

If you omit the audience param you should receive an opaque token. Using cookies vs. refresh tokens for silent authentication shouldn’t have an effect.

jtso · January 4, 2021, 7:23pm

Hey @dan.woda,

Thanks for the welcome. With third-party cookies enabled, we were able to obtain the opaque token by omitting the audience param. However, with third-party cookies disabled, with omitting the audience param in getTokenSilently, we are getting back undefined.

dan.woda · January 4, 2021, 11:21pm

Are you seeing an error come back? If you disable third party cookies then getTokenSilently may not work. Depending on if you are using refresh token rotation.