diff --git a/CHANGELOG.md b/CHANGELOG.md
index 597f10043b..2d0d4ebf8d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,9 @@
 - [#1062](https://github.com/okta/okta-auth-js/pull/1062)
   - Authn method `introspect` is renamed to `introspectAuthn` (still callable as `tx.introspect`)
   - `IdxFeature` enum is now defined as strings instead of numbers
+- [#1066](https://github.com/okta/okta-auth-js/pull/1066) Extends type `CookieOptions` from `js-cookie` v3
+  - Uses enums for `CookieOptions.sameSite`
+  - Removes type `SetCookieOptions`
 
 ### Features
 
diff --git a/lib/types/Cookies.ts b/lib/types/Cookies.ts
index c5f2105273..a6bd134aa3 100644
--- a/lib/types/Cookies.ts
+++ b/lib/types/Cookies.ts
@@ -10,20 +10,54 @@
  * See the License for the specific language governing permissions and limitations under the License.
  */
 
-export interface CookieOptions {
-  path?: string;
-  secure?: boolean;
-  sessionCookie?: boolean;
-  sameSite?: string | boolean;
-  expires?: Date;
+// From @types/js-cookie@3.0.1
+// https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-cookie
+// TODO: remove and import from "js-cookie" once it's upgrade to v3
+interface CookieAttributes {
+  /**
+   * Define when the cookie will be removed. Value can be a Number
+   * which will be interpreted as days from time of creation or a
+   * Date instance. If omitted, the cookie becomes a session cookie.
+   */
+  expires?: number | Date | undefined;
+
+  /**
+   * Define the path where the cookie is available. Defaults to '/'
+   */
+  path?: string | undefined;
+
+  /**
+   * Define the domain where the cookie is available. Defaults to
+   * the domain of the page where the cookie was created.
+   */
+  domain?: string | undefined;
+
+  /**
+   * A Boolean indicating if the cookie transmission requires a
+   * secure protocol (https). Defaults to false.
+   */
+  secure?: boolean | undefined;
+
+  /**
+   * Asserts that a cookie must not be sent with cross-origin requests,
+   * providing some protection against cross-site request forgery
+   * attacks (CSRF)
+   */
+  sameSite?: 'strict' | 'Strict' | 'lax' | 'Lax' | 'none' | 'None' | undefined;
+
+  /**
+   * An attribute which will be serialized, conformably to RFC 6265
+   * section 5.2.
+   */
+  [property: string]: any;
 }
 
-export interface SetCookieOptions extends CookieOptions {
-  path?: string;
+export interface CookieOptions extends CookieAttributes{
+  sessionCookie?: boolean;
 }
 
 export interface Cookies {
-  set(name: string, value: string, expiresAt: string, options: SetCookieOptions): string;
+  set(name: string, value: string, expiresAt: string, options: CookieOptions): string;
   get(name: string): string;
   delete(name: string): string;
 }