Refresh token rotation: Failed to read the 'localStorage' property from 'Window'

I’ve recently updated to the “@auth0/auth0-spa-js” version 1.8.1 to be able to tap into the refresh token rotation flow. I’m setting the cacheStorage to localStorage to be able to retain the user session for the specified period of time. I’ve disabled the 3rd party Cookies in the browser to test the RT Rotation flow, but this leads to non-stop redirections to the Auth0 login page due to access to localStorage being also being blocked when the 3rd party cookies are blocked. The same behavior is also mentioned on the chromium.org page

Am I missing something here? I create the auth0 client using createAuthClient. The project is based on Angular 9 and the auth interceptor catches the error in the getTokenSilently as “login_error” and redirects again for login.
Having the 3rd party cookies enabled does not cause any issue.!

1 Like