How to get an opaque token without 3rd party cookies

Hi, we ran into issues with getting tokens on browsers that block 3rd party cookies. We solved the issue for getting JWTs by setting useRefreshToken=true when creating the Auth0 client, enabling refresh tokens and rotation in the management console settings, and allowing offline access for the custom API that we were using as the audience for that JWT.

However, we still cannot seem to get the proprietary opaque token (when audience is not specified) without 3rd party cookies. Any tips? Thanks.

Hi @jtso,

Welcome to the Community!

If you omit the audience param you should receive an opaque token. Using cookies vs. refresh tokens for silent authentication shouldn’t have an effect.

Hey @dan.woda,

Thanks for the welcome. With third-party cookies enabled, we were able to obtain the opaque token by omitting the audience param. However, with third-party cookies disabled, with omitting the audience param in getTokenSilently, we are getting back undefined.

Are you seeing an error come back? If you disable third party cookies then getTokenSilently may not work. Depending on if you are using refresh token rotation.