Using universal login with a SPA which needs to authenticate against an API; the login flow is as follows:
- User arrives at site.
- If user is not logged in they are redirected to the Universal Hosted Login page
- On successful login user is redirected back to site
- We call getTokenSilently (this fails due to third-party cookie being blocked)
- We call getTokenWithPopup (this fails as popups are blocked in safari by default with desktop and mobile)
Reason cookies are blocked:
Is there a solution to mitigate this issue or as it stands is it currently impossible to authenticate against an API with Universal Login in Safari?