Hello,
Context: React dashboard using the Authentication API with a custom login page.
I have enabled a custom domain for my Auth0 tenant and updated the domain value used in the Authentication API and jwt-middleware. According to the CORS doc in Auth0 this should prevent the need for a CORS request when third-party cookies are disabled in the user’s browser. Originally, the login action did not work in Safari, as a CORS request was being made and third-party cookies were disabled by default. However, after implementing a custom domain, I was able to log in to my dashboard on Safari.
Applying the same custom domain logic, I wanted to see if I could log in to my dashboard on Chrome 65 when I blocked third-party cookies (setting description: “Prevent third-party websites from saving and reading cookie data”) via the settings. Unfortunately, the login action returns the following error “http://localhost:3000/callback#error=access_denied&error_description=Unknown%20or%20invalid%20login%20ticket.&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym”. Is there something extra that Chrome is doing when third-party cookies are blocked? As I am using a custom domain, there is no CORS request and this should work. Please advise.
This is my config:
    webAuth = new auth0.WebAuth({
      domain: getEnv('AUTH0_CUSTOM_DOMAIN'),
      clientID: getEnv('AUTH0_SPA_CLIENT_ID'),
      redirectUri: process.env.NODE_ENV === 'production'
        ? `http://${window.location.host}/callback`
        : `http://localhost:${window.location.port}/callback`,
      responseType: 'token id_token',
      scope: 'openid email profile'
    });
Regards,
Vivek Patel
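Added example, not part of the original post and not Auth0's own code: a small helper for inspecting the kind of callback URL quoted above. It splits an implicit-flow callback into error, success or empty, decodes the description, and checks the returned `state` against the value the app stored. The name `parseAuthCallback` and its parameters are hypothetical, and the second sample URL is constructed.

```javascript
// Added example (not from the original post): classify an implicit-flow
// callback URL and check the returned state against the one the app stored.
function parseAuthCallback(callbackUrl, expectedState) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment); // percent-decodes values
  const state = params.get('state');
  // A response whose state does not match the stored value must be discarded.
  const stateMatches = typeof expectedState === 'string' && state === expectedState;

  if (params.has('error')) {
    return {
      kind: 'error',
      error: params.get('error'),
      description: params.get('error_description') || '',
      stateMatches,
    };
  }
  if (params.has('access_token') || params.has('id_token')) {
    // Report only which tokens arrived; never log the token values themselves.
    return {
      kind: 'success',
      hasAccessToken: params.has('access_token'),
      hasIdToken: params.has('id_token'),
      stateMatches,
    };
  }
  return { kind: 'empty', stateMatches: false };
}

// The callback URL quoted in the post above.
const reported = 'http://localhost:3000/callback#error=access_denied' +
  '&error_description=Unknown%20or%20invalid%20login%20ticket.' +
  '&state=n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym';

// Constructed success-shaped URL with placeholder token values.
const constructed = 'http://localhost:3000/callback#access_token=PLACEHOLDER' +
  '&id_token=PLACEHOLDER&state=abc123';

console.log(parseAuthCallback(reported, 'n6C4TkT6BF.nFU3HLjDJ77OMpE3PY.ym'));
console.log(parseAuthCallback(constructed, 'some-other-state'));
```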