
Third party cookies disabled - Chrome - Custom Domain Implemented - Error

login
cookies
custom-domain
cors
third-party


Hello,

Context: React dashboard using the Authentication API with a custom login page.

I have enabled a custom domain for my Auth0 tenant and updated the domain value used in the Authentication API and jwt-middleware. According to the CORS doc in Auth0, this should prevent the need for a CORS request when third-party cookies are disabled in the user’s browser. Originally, the login action did not work in Safari, as a CORS request was being made and third-party cookies were disabled by default. However, after implementing a custom domain, I was able to log in to my dashboard on Safari.

Applying the same custom domain logic, I wanted to see if I could log in to my dashboard on Chrome 65 when I blocked third-party cookies (setting description: “Prevent third-party websites from saving and reading cookie data”) via the settings. Unfortunately, the login action returns the following error: “http://localhost:3000/callback#error=access_denied&error_description=Unknown%20or%20invalid%20login%20ticket.&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym”. Is there something extra that Chrome is doing when third-party cookies are blocked? As I am using a custom domain, there is no CORS request and this should work. Please advise.

This is my config:

    webAuth = new auth0.WebAuth({
      domain: getEnv('AUTH0_CUSTOM_DOMAIN'),
      clientID: getEnv('AUTH0_SPA_CLIENT_ID'),
      redirectUri:
        process.env.NODE_ENV === 'production'
          ? `http://${window.location.host}/callback`
          : `http://localhost:${window.location.port}/callback`,
      responseType: 'token id_token',
      scope: 'openid email profile'
    });

Regards,
Vivek Patel
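
Added example, not part of the original post: a helper that decodes the error carried in the callback fragment and reports whether the configured Auth0 domain shares a site with the page, since browsers treat cookies set by a different site as third-party. The host `login.example.com` is a constructed placeholder, and comparing the last two DNS labels is a simplifying assumption rather than a public-suffix lookup.

```javascript
// Added example (not from the original post). Hosts below are constructed placeholders.

// Decode the fragment appended to the redirect URI after an implicit-flow login.
function parseCallback(callbackUrl) {
  const url = new URL(callbackUrl);
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  const error = params.get('error');
  return {
    pageHost: url.host,
    // Assumption: success means no error and an id_token in the fragment.
    ok: error === null && params.has('id_token'),
    error,
    description: params.get('error_description'), // percent-decoded
    state: params.get('state'),
  };
}

// Assumption: approximate the "site" as the last two DNS labels.
// localhost and IPv4 literals are their own site.
function siteOf(host) {
  const name = host.replace(/:\d+$/, '').toLowerCase();
  if (name === 'localhost' || /^\d+(\.\d+){3}$/.test(name)) return name;
  return name.split('.').slice(-2).join('.');
}

// True when cookies set by authDomain are third-party for a page on pageHost.
function isThirdParty(pageHost, authDomain) {
  return siteOf(pageHost) !== siteOf(authDomain);
}

// Combine both checks for one callback URL and the configured auth domain.
function diagnose(callbackUrl, authDomain) {
  const result = parseCallback(callbackUrl);
  return { ...result, thirdParty: isThirdParty(result.pageHost, authDomain) };
}

// Callback URL quoted in the post; the auth domain is a placeholder.
const sample =
  'http://localhost:3000/callback#error=access_denied' +
  '&error_description=Unknown%20or%20invalid%20login%20ticket.' +
  '&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym';

console.log(diagnose(sample, 'login.example.com'));
```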
