Auth0 Home Blog Docs

Silent authentication alternative ( Safari , cross-origin tracking )

#1

I have a universal React app; currently authentication is being handled client-side in SPA mode. This works great, except in Safari, where webAuth.checkSession utterly breaks unless the user disabled cross-origin tracking.

I’m considering alternatives. One way is to handle refresh server side through and API/Resource server, asking it to verify session using non-expired access tokens. I’m wondering if this is a supported, or at least not discouraged workflow; the API server is our owned api in this scenario.

Another possibility is forcing the universal app to handle authentication server-side only, mimicking a traditional SSR app.

A third is using custom domains, but that would require some additional organizational buy-in, and frankly seems inelegant for a basic auth feature.

Advice would be much appreciated!

#3

Hey there @akotlar, when you see the issues with webAuth.checkSession is it presenting an error message? When you reference custom domains as an inelegant solution I would like to have a better understanding of what you mean so I can relay the feedback. Below I have referenced a similar thread that came to the conclusion that using a custom domain helped resolve the situation. Please let me know if you have any questions as I am happy to help, Thanks!

#4

Hi there @akotlar, I was hoping to find out how things are going and if you have any more questions on this topic? Please let me know if you need any assistance!

1 Like
closed #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.