i have 2 SPA websites, but using 1.10.0 of the @auth0/auth0-spa-js package.
If i login to SPA 1 and from spa 1 i open a popup window and spa2 should load in an iframe, this works on most cases but we have seen that when using chrome in incognito mode the second spa will ask for a login.
if i login to SPA1 and then copy the SPA2 into another tab, then it will not ask for a login and load correctly.
If not using incognito mode it appears to work the majority of the time.
From what i can see SSO doesn’t appear to be working when in an iframe and incognito.