Third party cookies disabled - Chrome - Custom Domain Implemented - Error

Hello,

Context: React dashboard using the Authentication API with a custom login page.

I have enabled a custom domain for my Auth0 tenant and updated the domain value used in the Authentication API and jwt-middleware. According to the CORS doc in Auth0, this should prevent the need for a CORS request when third-party cookies are disabled in the user’s browser. Originally, the login action did not work in Safari, as a CORS request was being made and third-party cookies were disabled by default. However, after implementing a custom domain, I was able to log in to my dashboard on Safari.

Applying the same custom domain logic, I wanted to see if I could log in to my dashboard on Chrome 65 when I blocked third-party cookies (setting description: “Prevent third-party websites from saving and reading cookie data”) via the settings. Unfortunately, the login action returns the following error: “http://localhost:3000/callback#error=access_denied&error_description=Unknown%20or%20invalid%20login%20ticket.&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym”. Is there something extra that Chrome is doing when third-party cookies are blocked? As I am using a custom domain, there is no CORS request and this should work. Please advise.

This is my config:

    webAuth = new auth0.WebAuth({
      domain: getEnv('AUTH0_CUSTOM_DOMAIN'),
      clientID: getEnv('AUTH0_SPA_CLIENT_ID'),
      redirectUri:
        process.env.NODE_ENV === 'production'
          ? `http://${window.location.host}/callback`
          : `http://localhost:${window.location.port}/callback`,
      responseType: 'token id_token',
      scope: 'openid email profile'
    });

Regards,
Vivek Patel

1 Like
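
The question above turns on whether the browser treats the auth domain's cookies as first-party or third-party relative to the page that makes the login call. The following is an added example, not code from the original post or from Auth0, that classifies an app origin and auth domain pair. It assumes the registrable domain can be approximated by the last two labels (a real check uses the Public Suffix List), and `auth.example.com` and `app.example.com` are constructed hostnames.

```javascript
// Added example. Only localhost:3000 comes from the post; other hosts are constructed.
// Assumption: registrable domain = last two labels. This is wrong for suffixes
// such as co.uk; a production check must consult the Public Suffix List.
function siteOf(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  const isIPv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  const isIPv6 = host.startsWith('[');
  // Single-label hosts (localhost) and IP literals are their own site.
  if (isIPv4 || isIPv6 || !host.includes('.')) return host;
  return host.split('.').slice(-2).join('.');
}

function toHostname(value) {
  // Accept either a full origin ("http://localhost:3000") or a bare domain.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(value);
  return new URL(hasScheme ? value : `https://${value}`).hostname;
}

// Reports how a browser would scope cookies set by authDomain when the
// top-level page is served from appOrigin.
function cookieContext(appOrigin, authDomain) {
  const appSite = siteOf(toHostname(appOrigin));
  const authSite = siteOf(toHostname(authDomain));
  return {
    appSite,
    authSite,
    context: appSite === authSite ? 'first-party' : 'third-party',
  };
}

// Constructed sample pairs: dev server from the post, then a deployed app.
const samples = [
  ['http://localhost:3000', 'auth.example.com'],
  ['https://app.example.com', 'auth.example.com'],
  ['https://app.example.com', 'tenant.auth0.com'],
];
for (const [app, auth] of samples) {
  const r = cookieContext(app, auth);
  console.log(`${app} + ${auth}: ${r.context} (${r.appSite} vs ${r.authSite})`);
}
```

A pair reported as third-party is one where a browser setting that blocks third-party cookies applies to the auth domain's cookies, custom domain or not.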

Hey there!

Sorry for such a delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such an inconvenience!

Do you still require further assistance from us?