I am using my own gotrue-js widget, which does take advantage of the nf_jwt cookie. Turns out this issue is not limited to iOS Firefox, as it occurs on iOS Chrome and both iOS and Mac Safari as well. I’ve made sure all browsers are accepting cookies, and verified with this demo: https://www.w3schools.com/js/js_cookies.asp
Any other ideas on what it could be? Debugging reveals that a call was made to .netlify/identity/token which returned a 400 and the following:
"error_description": "Invalid Password"
and a call to .netlify/identity/user returned a 401 with the following:
"msg": "This endpoint requires a Bearer token"
Not sure if this means anything, but a valid user token was sent to /user, but the Authorization for /user was basic, not bearer. I can provide more information on the requests if needed.