This behavior is caused by the browser blocking third-party cookies during silent authentication. Items stored in memory are lost on page refresh, including the Access Token and Refresh Token stored there. When this happens, the SDK will use silent authentication with an iframe and pass third-party cookies. However, as you have observed, third-party cookies are blocked by many browsers. You can use Auth0’s Custom Domain functionality to avoid this issue without using local storage.