I have to say Safari's (WebKit) implementation of Intelligent Tracking Protection (ITP) and the Storage Access API has been challenging to get right.
Situation:
- We have a company that has grown through acquisition and we are trying to implement a unified authentication scheme that uses cross-domain access to tokens stored in cookies
- Each portal implementing the scheme will have an iframe that hosts a component from an authentication domain and will use postMessage() to check for the existence of the necessary authentication token.
- The initial implementation worked for Chrome/Edge/Opera/other Chromium browsers, but needed to be adjusted to implement the Storage Access API to allow the authentication component to request 1st party storage access.
- This worked as documented in Firefox
- Safari throws an exception when requestStorageAccess() is called and the error object is undefined
Here are some examples of the relevant code:
Iframe
<iframe class="portal-navigation-frame" allowtransparency="true"
style="position:absolute; top: -60px; right: -250px;display:none;"
id="authFrame"
sandbox="allow-scripts allow-storage-access-by-user-activation
allow-same-origin allow-top-navigation allow-forms"
src="@Constants.AuthenticationUrl"></iframe>
Authentication Component
const authorizeStorageAccess = async () => {
    // Feature-detect the Storage Access API; browsers without it do not
    // partition third-party storage, so the auth cookie is already readable.
    if (document.hasStorageAccess) {
        try {
            if (await document.hasStorageAccess() === false) {
                console.log("authCommunicationService.authorizeStorageAccess", "does not have storage access");
                if (document.requestStorageAccess) {
                    // Must be called from within a user gesture (the button handler).
                    await document.requestStorageAccess();
                } else {
                    console.log("authCommunicationService.authorizeStorageAccess", "requestStorageAccess not available");
                }
            } else {
                console.log("authCommunicationService.authorizeStorageAccess", "already has access");
            }
        } catch (err) {
            // Safari lands here, with err undefined.
            console.log("authCommunicationService.authorizeStorageAccess", "error", err);
        }
    } else {
        console.log("authCommunicationService.authorizeStorageAccess", "already has automatic access");
    }
};
Note: authorizeStorageAccess is called from a button event handler and only after the user has been redirected to the authentication domain to login and returned.
Any assistance would be greatly appreciated.
Jason
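As an added example (not Jason's code or anything from his portals), the storage-access request and the postMessage exchange written so that a WebKit rejection carrying an undefined reason is treated as a plain denial rather than an error, with the auth iframe accepting requests only from an allowlisted portal origin and replying only to that origin. It assumes a hypothetical `doc` parameter in place of `document` so the decision logic can run outside a browser, and the origins are constructed placeholders.

```javascript
// Added example: Storage Access API request tolerant of WebKit rejecting with
// an undefined reason, plus origin-checked postMessage handling for the auth
// iframe. `doc` stands in for `document` so the logic runs outside a browser.

// Resolves to "automatic", "already", "granted", "denied" or "unsupported".
async function ensureStorageAccess(doc) {
  if (typeof doc.hasStorageAccess !== "function") {
    return "automatic"; // browser does not partition storage; nothing to request
  }
  let hasAccess = false;
  try {
    hasAccess = await doc.hasStorageAccess();
  } catch (err) {
    hasAccess = false; // a failed query is treated as "no access"
  }
  if (hasAccess) return "already";
  if (typeof doc.requestStorageAccess !== "function") return "unsupported";
  try {
    await doc.requestStorageAccess(); // only valid inside a user gesture
    return "granted";
  } catch (err) {
    // WebKit may reject with err === undefined: never dereference it, just
    // report a denial so the caller can fall back (e.g. top-level login).
    return "denied";
  }
}

// Iframe side: accept an "auth-check" request only from a portal origin on
// the allowlist; everything else is dropped without a reply.
function parseAuthRequest(event, allowedOrigins) {
  if (!allowedOrigins.includes(event.origin)) return null; // unknown sender
  const d = event.data;
  if (!d || typeof d !== "object" || d.type !== "auth-check") return null;
  return { requestId: String(d.requestId), origin: event.origin };
}

// Reply addressed to the requesting portal only. Using "*" as the target
// origin would hand the auth status to any document embedding the frame.
function buildAuthReply(request, authenticated) {
  return {
    message: { type: "auth-status", requestId: request.requestId,
               authenticated: authenticated === true },
    targetOrigin: request.origin,
  };
}
// Browser usage (not run here): const req = parseAuthRequest(event, PORTALS);
// if (req) { const r = buildAuthReply(req, ok); event.source.postMessage(r.message, r.targetOrigin); }
```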