Safari Blocks Auth0 Auth Cookies in iFrame

Last Updated: Nov 12, 2024

Overview

This article describes a scenario where an application is hosted on third-party partner platforms via iframe and it is not possible to implement a popup for the login process since there is a need to call the login() method in the background without user interaction.

Currently, for the initial signup of a user, there is the signup() and an immediate login() so that the application is authenticated instantly.

Safari (and iOS devices) are the most strict regarding third-party cookies. An “access_denied” error is received.

Applies To

  • Third-party cookies
  • iFrame

Cause

When the application runs on an iframe, all the cookies are considered third-party.

Solution

Utilize the storage API - Updates to the Storage Access API.

1 Like