I have my SPA (Angular) setup exactly as described here. Also as described by the OP I do not have a custom domain.
I am still seeing third party cookies set and the login flow fails if I configure my browser to block third party cookies. The cookies in yellow below are getting blocked (it’s not clear to me why the others aren’t also blocked):
Is this setup possible without third party cookies?
Hi @ad-pics,
Welcome to the Auth0 Community !
I’m sorry for the late response, but just wanted to leave some notes regarding what might be missing here. In the post above mentioned, it was only briefly specified that Refresh Token Rotation should be used in order to avoid the use of silent authentication in SPAs, which relies on 3rd party cookies, so besides enabling Refresh Tokens, it would be mandatory to also Configure Refresh Token Rotation.
This should do the trick, but generally since many browsers still enforce strict 3rd party cookie policies, configuring a custom domain should be the best workaround to solve this cookies related issues.
Thanks,
Remus
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
