Unable to get login working with React using Safari and Brave

brett2 · August 8, 2023, 10:28pm

I am working on fixing the login for a React SPA app which has trouble logging in with Safari and Brave (w/ shields). I’ve gone through a bunch of community posts (some prior mine) and this, Troubleshoot Renew Tokens When Using Safari, and am still unable to get this to work.

React v18
@auth0 react v2.2.0

How things are setup

<Auth0Provider
    domain="auth.example.com"
    clientId="Z<SCRUBBED>xyz"
    authorizationParams={{
      redirect_uri: `${window.location.origin}/login-success`,
      audience: 'https://api.example2.com,
      scopes: 'openid profile email offline_access',
    }}
    useRefreshTokens
    useFormData={false}
  >

LoginSuccess looks like:

const LoginSuccess = () => {
  const { user } = useAuth0();
  const { data, loading, error } = useQuery(GET_USER);
  let redirect = false;
  if (user?.email_verified === false) {
    redirect = <Navigate to="/verify-email" />;
  }
  if (!loading) {
    if (data?.users?.me) {
      redirect = <Navigate to="/dashboard" />;
    } else {
      redirect = <Navigate to="/create-profile" />;
    }
  }
...
}

When using Safari or Brave the user var above is always undefined and thus, useQuery() never returns a value. All of this is fine on browsers not restricting 3rd party cookies (cross site tracking).

Token rotation is enabled and needed domains have been added to the settings.

We have even setup a custom domain of auth.example.com and still things aren’t working on these browsers.

If Safari cross site tracking is disabled, or Brave shields are disabled, all works as expected.

I am out of ideas and am hoping someone can help me figure out where things are not setup correct.

fyi, I am not a react developer so my milage there varies.

dan.woda · August 14, 2023, 3:53pm

Hi @brett2,

Can you try using the cacheLocation: 'localstorage' option in the Auth0Provider?

Here’s the doc for it: Auth0ProviderOptions | @auth0/auth0-react

brettski · August 14, 2023, 9:49pm

Hi @dan.woda. Adding cacheLocation made no difference.

Another finding is when useRefreshTokens is true, regardless of cacheLocation setting, Safari does not work correct with or without ITP setting.

It’s only when useRefreshTokens={false} does Safari work, and thus only with ITP disabled. Very strange I do agree.

I am on vacation this week so responses may be a little delayed.

dan.woda · August 15, 2023, 1:17pm

@brettski,

Thanks for the additional info. I’m going to close this topic as it looks like you have an open one on the same issue and an engineer is working with you towards a solution.

Please let me know if you need any help.

system · August 29, 2023, 1:17pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with login in browsers like Safari, Firefox, Brave Help login-experience , new-universal-login-experience	2	2152	September 21, 2023
Can’t get around Intelligent Tracking Prevention with Refresh Tokens after logging out the first time Help	2	1754	February 25, 2022
Custom domain not correcting Safari Login issue (ITP?) Help sessions , rotating-refresh-tokens	6	1226	August 22, 2023
React SPA failed logins on iOS and iPadOS in Safari and Chrome Help login-experience , new-universal-login-experience	0	12	October 30, 2024
After successful login token is not return and user is not logged in Help	4	6366	April 26, 2021

Unable to get login working with React using Safari and Brave

Related Topics