Safari login impossible without paid plan?

Can someone confirm my findings that a custom domain (i.e. paid plan) is required for the Auth0 SPA SDK to work on browsers that block 3rd-party cookies (i.e. Safari)?

  1. Login using Universal Login works
  2. User is redirected to my site
  3. User reloads page
  4. Safari does not send cookie to 3rd-party domain
  5. Silent login fails
  6. User must login again

The only solutions I see are:
a) enable custom domain (used by the OP of my first reference below)
b) store the token in localStorage, which it seems Auth0 itself discourages
c) tell every potential customer of mine to disable tracking prevention

Are there any other solutions?

Thanks!

References:


Refresh token rotation (which was recently released) is another solution. Check the discussion here: Call to authorize fails on Safari - #5 by thameera

The newer versions of SPA SDK lets you use localstorage as an option to store these refresh tokens. See the note here: Auth0 Single Page App SDK

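To make the two replies concrete, here is an added example (not code from either poster, nor from the Auth0 SDK itself) of how an SPA would be configured for rotating refresh tokens with the localStorage cache, and how a page-reload session restore falls back to an interactive login when the silent flow fails with `login_required`. The option names (`domain`, `client_id`, `redirect_uri`, `useRefreshTokens`, `cacheLocation`) are assumed to be those of the auth0-spa-js v1 SDK current at the time of the thread; the `fakeAuth0Client` is a constructed stand-in that models only the behaviour described above (iframe silent auth failing without the third-party cookie, refresh-token grant succeeding without it) so the logic can be run in Node without a browser.

```javascript
// Added example, not from the thread or the Auth0 SDK.
// In a real SPA the client comes from the SDK:
//   import createAuth0Client from '@auth0/auth0-spa-js';
//   const auth0 = await createAuth0Client(buildAuth0Options({ ... }));
// Here the client is injected so the restore logic can be exercised offline.

// Build the SDK options. Assumption: v1-era option names (client_id, redirect_uri).
function buildAuth0Options({ domain, clientId, redirectUri, useRefreshTokens }) {
  const options = { domain, client_id: clientId, redirect_uri: redirectUri };
  if (useRefreshTokens) {
    // Rotating refresh tokens must also be enabled on the application in the dashboard.
    options.useRefreshTokens = true;
    // The default 'memory' cache is lost on reload; 'localstorage' keeps the refresh
    // token across reloads, which is what makes the Safari case work without cookies.
    options.cacheLocation = 'localstorage';
  }
  return options;
}

// Restore a session after a page reload. Returns an object describing which path was
// taken instead of throwing, so the caller can decide what to render.
async function restoreSession(auth0) {
  try {
    const token = await auth0.getTokenSilently();
    return { status: 'ok', token };
  } catch (err) {
    // auth0-spa-js rejects with err.error === 'login_required' when the silent flow
    // cannot establish a session (for example the Auth0 session cookie was not sent
    // from the hidden iframe because the browser blocks third-party cookies).
    if (err && err.error === 'login_required') {
      await auth0.loginWithRedirect(); // interactive Universal Login as the fallback
      return { status: 'redirected', token: null };
    }
    throw err; // any other error is a real failure, not "user needs to log in"
  }
}

// Constructed stand-in for the SDK client (NOT the real SDK). It models the two ways
// getTokenSilently() can obtain a token: the refresh-token grant (a POST to /oauth/token
// that needs no browser cookie) and the hidden-iframe /authorize?prompt=none flow
// (which needs the Auth0 session cookie on a third-party domain).
function fakeAuth0Client({ useRefreshTokens, thirdPartyCookiesBlocked, refreshTokenInCache }) {
  const client = { redirected: false };
  client.getTokenSilently = async () => {
    if (useRefreshTokens && refreshTokenInCache) {
      return 'access-token-from-refresh-grant';
    }
    if (thirdPartyCookiesBlocked) {
      const e = new Error('Login required');
      e.error = 'login_required';
      throw e;
    }
    return 'access-token-from-iframe';
  };
  client.loginWithRedirect = async () => { client.redirected = true; };
  return client;
}

// Scenarios from the thread, run against the constructed client:
async function demo() {
  // 1. Safari, no refresh tokens: reload -> silent auth fails -> user must log in again.
  const safariCookieOnly = fakeAuth0Client({
    useRefreshTokens: false, thirdPartyCookiesBlocked: true, refreshTokenInCache: false });
  // 2. Safari, refresh token rotation with the localstorage cache: reload -> token restored.
  const safariRefresh = fakeAuth0Client({
    useRefreshTokens: true, thirdPartyCookiesBlocked: true, refreshTokenInCache: true });
  // 3. Safari, refresh tokens but memory cache: the refresh token is gone after reload.
  const safariRefreshMemory = fakeAuth0Client({
    useRefreshTokens: true, thirdPartyCookiesBlocked: true, refreshTokenInCache: false });
  return {
    cookieOnly: await restoreSession(safariCookieOnly),
    refresh: await restoreSession(safariRefresh),
    refreshMemory: await restoreSession(safariRefreshMemory),
  };
}
```

The fallback to `loginWithRedirect()` is the part the SDK leaves to the application: `getTokenSilently()` only reports `login_required`, it does not start an interactive login on its own.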

Thanks for sharing that knowledge @thameera!
