We have several applications on multiple domains, and we would like to set up a SSO between all these applications. On some of these applications, we absolutely need to implement a silent authentication so that a user logged on DomainA.com will be automatically logged in when entering DomainB.com.
Could you please confirm if “third party cookies disabled” will be an issue here ? And if so, is there any workaround ?
This usually is not a problem if you use a single custom domain with universal login, but you could run into an issue with two separate domains and third party cookies disabled. Let me confirm with the team on this.
Indeed, we’re planning to use a single custom domain in Auth0, however, we won’t be using Universal Login (at least not yet).
DomainA.com would call the /authorize on auth.DomainB.com. This would return a Token to confirm the correct login. User would then be logged into DomainA.com.
When user open DomainB.com, it would launch a checkSession on auth.DomainB.com and should define that the user is already logged in.
In this scenario, we’d like to make sure users won’t be blocked by Third party cookies disabled.
I asked the team about this and they responded saying that in this scenario, the SPA will fail the silent token refresh (checkSession).
Hope this helps,
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.