FEAT override cookie domain option

__tests__/storage.test.ts

@@ -24,12 +24,13 @@ describe('CookieStorage', () => {
   it('saves a cookie with options', () => {
     const key = 'key';
     const value = { some: 'value' };
-    const options = { daysUntilExpire: 1 };
+    const options = { daysUntilExpire: 1, cookieDomain: '.example.com' };
 
     CookieStorage.save(key, value, options);
 
     expect(cookieMock.set).toHaveBeenCalledWith(key, JSON.stringify(value), {
-      expires: options.daysUntilExpire
+      expires: options.daysUntilExpire,
+      domain: options.cookieDomain
     });
   });
 
@@ -90,12 +91,13 @@ describe('CookieStorageWithLegacySameSite', () => {
   it('saves object', () => {
     const key = 'key';
     const value = { some: 'value' };
-    const options = { daysUntilExpire: 1 };
+    const options = { daysUntilExpire: 1, cookieDomain: '.example.com' };
 
     CookieStorageWithLegacySameSite.save(key, value, options);
 
     expect(cookieMock.set).toHaveBeenCalledWith(key, JSON.stringify(value), {
-      expires: options.daysUntilExpire
+      expires: options.daysUntilExpire,
+      domain: options.cookieDomain
     });
 
     expect(cookieMock.set).toHaveBeenCalledWith(

src/Auth0Client.ts

@@ -552,7 +552,8 @@ export default class Auth0Client {
     await this.cacheManager.set(cacheEntry);
 
     this.cookieStorage.save(this.isAuthenticatedCookieName, true, {
-      daysUntilExpire: this.sessionCheckExpiryDays
+      daysUntilExpire: this.sessionCheckExpiryDays,
+      cookieDomain: this.options.cookieDomain
     });
 
     this._processOrgIdHint(decodedToken.claims.org_id);
@@ -719,7 +720,8 @@ export default class Auth0Client {
     });
 
     this.cookieStorage.save(this.isAuthenticatedCookieName, true, {
-      daysUntilExpire: this.sessionCheckExpiryDays
+      daysUntilExpire: this.sessionCheckExpiryDays,
+      cookieDomain: this.options.cookieDomain
     });
 
     this._processOrgIdHint(decodedToken.claims.org_id);
@@ -761,7 +763,8 @@ export default class Auth0Client {
       } else {
         // Migrate the existing cookie to the new name scoped by client ID
         this.cookieStorage.save(this.isAuthenticatedCookieName, true, {
-          daysUntilExpire: this.sessionCheckExpiryDays
+          daysUntilExpire: this.sessionCheckExpiryDays,
+          cookieDomain: this.options.cookieDomain
         });
 
         this.cookieStorage.remove(OLD_IS_AUTHENTICATED_COOKIE_NAME);
@@ -803,15 +806,15 @@ export default class Auth0Client {
    * ```
    *
    * If there's a valid token stored and it has more than 60 seconds
-   * remaining before expiration, return the token. Otherwise, attempt 
-   * to obtain a new token. 
+   * remaining before expiration, return the token. Otherwise, attempt
+   * to obtain a new token.
    *
-   * A new token will be obtained either by opening an iframe or a 
+   * A new token will be obtained either by opening an iframe or a
    * refresh token (if `useRefreshTokens` is `true`)
-   
-   * If iframes are used, opens an iframe with the `/authorize` URL 
-   * using the parameters provided as arguments. Random and secure `state` 
-   * and `nonce` parameters will be auto-generated. If the response is successful, 
+
+   * If iframes are used, opens an iframe with the `/authorize` URL
+   * using the parameters provided as arguments. Random and secure `state`
+   * and `nonce` parameters will be auto-generated. If the response is successful,
    * results will be validated according to their expiration times.
    *
    * If refresh tokens are used, the token endpoint is called directly with the
@@ -901,7 +904,8 @@ export default class Auth0Client {
         });
 
         this.cookieStorage.save(this.isAuthenticatedCookieName, true, {
-          daysUntilExpire: this.sessionCheckExpiryDays
+          daysUntilExpire: this.sessionCheckExpiryDays,
+          cookieDomain: this.options.cookieDomain
         });
 
         if (options.detailedResponse) {

src/global.ts

@@ -209,6 +209,19 @@ export interface Auth0ClientOptions extends BaseLoginOptions {
    */
   sessionCheckExpiryDays?: number;
 
+  /**
+   * The domain the cookie is accessible from. If not set, the cookie is scoped to
+   * the current domain, including the subdomain.
+   *
+   * Note: setting this incorrectly may cause silent authentication to stop working
+   * on page load.
+   *
+   *
+   * To keep a user logged in across multiple subdomains set this to your
+   * top-level domain and prefixed with a `.` (eg: `.example.com`).
+   */
+  cookieDomain?: string;
+
   /**
    * When true, data to the token endpoint is transmitted as x-www-form-urlencoded data instead of JSON. The default is false, but will default to true in a
    * future major version.

src/storage.ts

@@ -2,6 +2,7 @@ import * as Cookies from 'es-cookie';
 
 interface ClientStorageOptions {
   daysUntilExpire: number;
+  cookieDomain?: string;
 }
 
 /**
@@ -41,6 +42,10 @@ export const CookieStorage = {
       cookieAttributes.expires = options.daysUntilExpire;
     }
 
+    if (options?.cookieDomain) {
+      cookieAttributes.domain = options.cookieDomain;
+    }
+
     Cookies.set(key, JSON.stringify(value), cookieAttributes);
   },