Why does auth0.checkSession() function need cookies to be enabled? Is there a way we can pass all the required parameters without cookies? This is a show stopper for some browsers, as third-party-cookies are disabled by default.
When a user authenticates, a cookie is stored with the session details. This enables [checkSession] (Auth0.js v9 Reference) to acquire a new token from Auth0 for a user who is already authenticated against Auth0 for your domain.
For the [silent authentication] (Single Sign-On) to be possible, you must [Have a SSO cookie for the tenant’s domain (in other words, the user has previously signed in and their saved cookie is still valid);] (Single Sign-On). There have been internal discussions around this topic, but at the moment cookies need to be enabled for checkSession to work.
You see a video about how Auth0 handles sessions and cookies here: Token Storage