Safari blocks Auth0 auth cookies in iframe

Problem statement

Our application is hosted on third party partner platforms via iframe. It is not possible for us to implement a popup for the login process, since we need to be able to call the login() method in the background, without user interaction. This is what we are doing currently for the initial signup of the user: We do signup() and then an immediate login(), so that the application is authenticated instantly.

Safari (and iOS devices) are the most strict when it comes to third party cookies. We get an “access_denied” error.

Solution

Utilize the Storage API - Updates to the Storage Access API | WebKit

1 Like