Yay! @auth0 released support for refresh token rotation, and updated SDKs (the SPA one in particular) to take advantage of the feature.
Say bye-bye to session cookie issues in your SPAs :D https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/
Say bye-bye to session cookie issues in your SPAs :D https://auth0.com/blog/securing-single-page-applications-with-refresh-token-rotation/