I opened a pull request on auth0-spa-js package to add an option to specify the cookie domain. It was accepted and merged. It was accepted and merged in version 1.21.0 and later.
In your client configuration, add a cookieDomain option.
const auth0 = await createAuth0Client({
domain: '<AUTH0_DOMAIN>',
client_id: '<AUTH0_CLIENT_ID>',
redirect_uri: '<MY_CALLBACK_URL>',
audience: '<MY_AUDIENCE>',
cookieDomain: '.example.com',
})
NOTE: Top level cookie domains always start with a period ..
Use this configuration on each app/subdomain under the same top level domain and you’ll notice the auth0.{clientid}.is.authenticated cookie will exist on both. Signing in on one will result in you being signed in when you visit any others.
The auth0-spa-js package is used by most of the other auth0 plugins for Vue, React, etc. so client configuration should be virtually identical.