renewToken always results in login_required for non-social connections

Whenever I call renewToken, it always results in login_required error. I do not use any social connections, just plain email/password.

const authSettings = {
  domain: '',
  clientID: 'iv2PuRrlF7UrEaDBDzCx8ARUmO23r9R5',
  redirectUri: '',
  responseType: 'id_token',
  scope: 'openid email',

let auth = null
const getAuth = () => {
  if (auth) {
    return auth
  } else {
    auth = new auth0.WebAuth(authSettings)
    return auth

export const renewAuth = onSuccess =>
      usePostMessage: true,
      redirectUri: '',
    (err, authResult) => {
      console.log(err, authResult)
<!DOCTYPE html>

  <script type="text/javascript">
    // parent.postMessage({ type: 'auth0', hash: window.location.hash }, "http://app.development:3001");



Whenever I call renewAuth, it always logs #error=login_required&error_description=Login%20required from silent-callback.html.

3rd party cookies are causing the problem: Using renewAuth with 3rd party cookies disabled - Auth0 Community

So enabling cookies is the only way for a silent refresh? :confused: what’s the other option? Server side authentication?