Third-party SSO logins now work without cookies in Sanity Studio

8 replies
Last updated: Sep 12, 2022
Hi 🙂 According to these release notes, browsers that block third-party cookies should be able to log in to the studio without requiring a user to manually change browser settings. I'm running on version 2.29 and it still doesn't work in Safari. We are using SSO though, so is that the reason it doesn't work?
AI Update

Yes, you're right that SSO is the reason it doesn't work! The cookieless login feature introduced in v2.28.0 works for regular Sanity logins, but there was indeed an issue with third-party SSO implementations that needed a separate fix.

Based on the thread you're referencing, cookieless logins do work for SSO, but it requires a specific implementation detail that might not be well-documented yet.

The solution: Your SSO implementation needs to redirect back to the studio with the session ID (SID) as a hash parameter instead of relying on cookies. In other words, after authentication, the redirect URL should include #sid=foo at the end.

Here's an example commit from Sanity's own community studio that shows how to implement this change.

The key change is modifying your SSO callback to append the session ID as a hash parameter rather than setting it as a cookie. This allows Safari and other browsers that block third-party cookies to still authenticate successfully.

If you're using the newer SAML SSO setup (not the legacy third-party login), you'll want to make sure your identity provider is configured to pass the SID in this way. If you're still having issues after making this change, I'd recommend reaching out to Sanity support as they can help debug your specific SSO configuration.

Yes - we're working on a fix though! Stay tuned 🙂
Any information on this? Is there a ticket or something to follow?
Ping :) Still no information on third-party cookies for SSO users? The lack of support for an alternative login approach is kind of a big deal I would say. For instance, the lack of support effectively blocks out everyone on iOS or Safari and requires a manual exception on many other browsers. Yes, iOS users and users of other browsers could allow third-party-cookies, but come on, that is not really a serious option.
Sorry about the silence! It should be working now - are you still having issues? If so I'll have the support team follow up so we can debug this
Just upgraded to the latest version. I can’t get it to work. I still need to enable third party cookies for login to work. If this is fixed, I would really appreciate a follow up from the support team 🙂
Hi user F, thanks for your patience and apologies for only getting this information to you now. There was some confusion on our end as it's not well-documented yet, but we do indeed support cookieless logins for third-party SSO implementations.
To get it to work, the studio needs to get the session ID (SID) as a hash parameter. In other words, it should redirect back to the studio with #sid=foo.
Here's an example from our own Community Studio to illustrate the change: https://github.com/sanity-io/community-studio/commit/4a8446ce2a6600a502cfb87b1e2230bd0c8e6710
Let us know if you run into any issues or if I misunderstood that you're using the old SSO setup and not the newer one.
Great stuff! It now works. Hopefully this will be referenced in the documentation on third-party logins
Thanks for confirming! We'll make a note to add this to the docs. Glad it's working now!
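
The redirect described in the support reply above, sketched as an added example; this is not code from the thread, from Sanity, or from the linked commit. The function names, the allowlisted origin and the sample values are assumptions made for illustration. It builds the `#sid=` redirect in an SSO callback, refuses to hand the session ID to an origin that is not the studio, and includes a check that the SID sits in the fragment (which the browser does not send in HTTP requests) rather than in the query string.

```javascript
// Constructed allowlist: the only origins the SSO callback may send a session ID to.
const ALLOWED_STUDIO_ORIGINS = new Set(['https://studio.example.com']);

// SSO callback side: build the URL to redirect the browser to after login.
// The SID travels in the fragment (#sid=...) instead of a third-party cookie.
function buildStudioRedirect(studioUrl, sid) {
  const url = new URL(studioUrl);
  // The SID is a bearer credential, so never append it to a caller-supplied
  // origin that is not on the allowlist (open-redirect / token-leak guard).
  if (!ALLOWED_STUDIO_ORIGINS.has(url.origin)) {
    throw new Error(`refusing to send session ID to ${url.origin}`);
  }
  if (typeof sid !== 'string' || sid.length === 0) {
    throw new Error('missing session ID');
  }
  // Make sure no copy of the SID ends up in the query string, where it would
  // reach the server, its access logs and any intermediate proxy.
  url.searchParams.delete('sid');
  url.hash = `sid=${encodeURIComponent(sid)}`;
  return url.toString();
}

// Regression check for a callback: where does a redirect URL carry the SID?
// Returns 'fragment' (expected), 'query' (leaks to the server) or 'none'.
function sidPlacement(redirectUrl) {
  const url = new URL(redirectUrl);
  if (url.searchParams.has('sid')) return 'query';
  const fragmentParams = new URLSearchParams(url.hash.slice(1));
  return fragmentParams.has('sid') ? 'fragment' : 'none';
}

// Constructed sample: "foo" stands in for the real session ID, as in the thread.
const redirect = buildStudioRedirect('https://studio.example.com/desk?sid=stale', 'foo');
console.log(redirect, sidPlacement(redirect));
```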
