Hello,
I’m having some trouble logging in on Safari probably because of itp as documented here in your docs https://auth0.com/docs/troubleshoot/troubleshoot-authentication/renew-tokens-when-using-safari. I’ve tried multiple workarounds and they all failed. Throughout this ticket, I will number the workarounds that I want your support in. I just want to note that I am using Passwordless Login, Management API, and the default single app as my setup.
First of all, in ALL browsers when the user clicks the magic link, he is redirected to my app again but not authenticated although I can see the access token in the url. I have to call getAccessTokenSilently() for the auth0 hook to detect that the user is logged in. 1) if you can solve this for me then that would be the ultimate solution to my ticket. Now the workaround that I mentioned which is getAccessTokenSilently() works perfectly for google chrome and the auth0 hook detects the user and everything is great. On safari, the getAccessTokenSilently() always returns “Login required”. After some research, I understood that is because of safari using itp technology and that there are two workarounds. First one, is Enabling Refresh Token Rotation and Allow Offline Access and using scope “offline_access”. I’ve tried all of that and I created a new API because Management API does not support "Allow Offline Access ". I thought that would solve the problem as it clearly stated in the docs but still it failed (this was tested on localhost). 2) Why did this fail??? Second solution is custom domain and I will go to that solution as a last resort. Now that I accepted the fact that safari is going to return a “Login failed” when I call the getAccessTokenSilently(), my workaround was that I was going to use the loginWithRedirect() so that the auth0 hook would detect the user. The weird thing that happens is that 50% of the time it works and the user is logged in automatically and 50% of the time the loginWithRedirect() method does not authenticate the user but returns a code and a state in the url. 3) Why does this happen and how can I solve it?
I would really appreciate a fast response as the launch date for the project is very close. Thanks in advance