Third-party cookie will be blocked

Hi there @dubar.jeremy ,

Google’s plans include blocking third-party cookies, to be more specific. Cookies-based flows should not cause issues if Auth0’s and the application’s second-level domain are the same.

Ref:

This will also not affect a tenant using a Custom Domain with Auth0 and if the second-level domain matches the application’s domain.

Alternatively, you can integrate your SPA application with Auth0 to relay on refresh token rotation (which it looks like you already did :+1:)

Please let me know if you have follow-up questions about that.