Ye, cookies being disabled for a site referenced by an IFRAME. Happens natively in Safari and plausibly by some sort of odd networks.
The resulting outcome was my software spamming auth0 endpoints until they got sick of it and gave me a timeout.
My bad, resolved.
Arguably though, I think its possible that some of the auth0 software examples encourage this breakage in the code-samples. The simple fix is to configure session state as cookie-less.