Potential Impact of Chrome Disabling Third-Party Cookies on Auth0 Functionality

Hi there,

I’m reaching out to inquire about the potential impact of Chrome’s upcoming changes regarding third-party cookies on Auth0’s functionality. As you may be aware, Chrome is planning to disable third-party cookies by default in the coming months.

My understanding is that Auth0 utilizes cookies for certain functionalities. For instance, if I open a new page in a separate tab while allowing cookies, everything works as expected. However, if cookies are restricted, I’m redirected back to the default page.

Could you please clarify how these changes might affect Auth0 and if there are any recommended configurations or workarounds to ensure continued functionality?

Thank you for your time and assistance.

Hey there @arie26 ,

From my side, happy to start with the known workarounds -

  1. Do not rely on silent authentication (cookies-based) if your applications and Auth0 tenant don’t share the same second-level domain.

  2. In the above scenario, leverage refresh token rotation instead (a common authentication and authorization pattern for SPAs). More here :slight_smile: