I’m encountering an issue with token management in my Flutter Web application using the Auth0 Flutter SDK. While desktop browsers function correctly, mobile browsers (Chrome, Safari, Edge) exhibit unexpected behavior after successful user authentication.
Symptoms:
- User is redirected to the Auth0 Universal Login screen.
- Upon successful login, Auth0 redirects back to the application.
- The application displays a white screen instead of the expected content.
Environment:
- Application domain: www.child.com
- Auth0 custom domain: login.parent.com
Suspected Cause:
Intelligent Tracking Prevention (ITP) in mobile browsers might be preventing the “3rd party cookie” (even though from a friendly domain) used for storing the Auth0 token.
Constraints:
- Maintaining separate domains for the application and the Auth0 custom domain is a hard requirement.
Attempted Solutions:
- Configured `useLegacySameSiteCookie: false` and `useRefreshTokens: true` in `Auth0Web.onLoad`.
- Enabled “Rotation” in the Auth0 Dashboard > Applications > [my application] > Refresh Token Rotation.
Current Issue:
Despite implementing the above, the application throws an error after successful login or during application load while logged in. The error seems to originate from the `getTokenSilently` method.
Request for Assistance:
I’d appreciate assistance in resolving this error and successfully enabling Refresh Token Rotation for Auth0 Flutter Web.
Additional Information:
- I understand Refresh Token Rotation documentation for Flutter Web is limited.
- Any insights or suggestions would be greatly appreciated.