No verifier returned from client when falling back to Cross-Origin Verification

Some of our clients were facing an issue of localStorage not being accessible. Whether because they were in incognito mode or for some other reason. The only way for us to reproduce it is through incognito.

If I leave the cookies blocked, auth0 fallback to Cross-Origin Verification, as expected. The fallback URL is eventually calling crossOriginVerification which should have worked. However, I am getting an error: No verifier returned from client.

I decided to dig deeper into the auth0 library.

In the even listener, the resulting verifier is, in fact, empty. And in tryGetVerifier function, the implemented storage is actually not returning anything.

My question here, what is the mechanism for verification when localStorage is not available. How does the window in iframe get the verification information?

What is our best option to make is work and stable?

The issue is currently reproducible on

Thank you for the advice.