Iframe Login - Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document

Hello team, we are facing an issue when some users have blocked third party cookies.

image1108×667 47.4 KB

I understand that cookies is essential for getTokenSilently() to work based on this post Why is authentication lost after refreshing my single page application?

I have followed the recommendations highlighted in the same post to try resolve the issues with third party cookies, but still I am unable to get the error to go away.

We have a custom domain set, but does not seem to work.

Context:
We have a project that uses iframe to load some contents, this iframe window needs people to login using SSO, auth0, so we trigger client.loginWithPopup() from the iframe, then the user should be able to have a session within the iframe and complete the next steps in their profile within the iframe.
The iframe loads from a different URL that is does not match the main window origin.
For example:
iframe origin is https://app.app-site.com
parent window origin is https://main-site.com

This is my code:

image1111×1027 86.7 KB

This is my refresh token setup:

image1407×1162 83.4 KB

UPDATE:

I just did further tests, and this issue happens specifically when running my app from the iframe as explained above where my iframe loads from a different domain not the same as the parent main window.

Hi Robert,

You should set Content Security Policies properly to access all domains from your iFrame. Looking into web console might give you some information about your error too.

@spoudel Unfortunately we donot have access to the server/iframe configuration to be able to do this, we’re only able to modifying the contents rendered within the iframe.

I came across this post Using Auth0 login in iFrame - #5 by tyf which I believe answers our issue that;

“New Universal Login does not support the use of iframes.”

unless this has been fixed?