In our setup, we are utilizing Auth0 for user authentication across two distinct React applications. The Auth0 actions have been employed to manage specific custom flows within the authentication process. At present, I am seeking a solution to determine the origin of the user in the Pre-registration hook. Specifically, I need to identify from which of the two applications the user is initiating the registration process. Could you please provide guidance on how to achieve this? At present, we have two separate applications set up in Auth0, each corresponding to one of our React applications. However, we now intend to establish a scenario where both of these React applications can interact seamlessly with a single Auth0 application
Hello there @SujayPrabhu96 !
You should be able to get this information in the pre-registration Action itself - Specifically, the
Hope this helps!
Thank you for your reply. I am aware of this solution and this works when there are 2 Auth0 applications for 2 React applications. But I want to have single Auth0 application for 2 React applications
Ah, gotcha! Thanks for clarifying
That’s tricky and I can’t think of an easy out of the box solution so to speak - Out of curiosity, what’s the reason for wanting to have a single Auth0 application as opposed to 2?
We want to merge 2 Auth0 application into 1 to avoid maintaining 2 applications in Auth0 and when there is slightly different user flow, we feel it is unnecessary to have 2 applications.
I want to know your opinion on this. What is the approach that Auth0 suggests and are there any concerns if we have single Auth0 application instead of 2?
Awesome, thanks for clarifying!
The suggested approach is to use 2 separate applications in Auth0 - A handful of concerns might be security (introducing a greater CSRF attack surface, token leakage, etc.), configuration (callback urls, CORS settings, etc.), monitoring (same client id for separate apps could be hard to monitor), logout/session management, confusing permissions/user consent, among others.
What if I want to share login information among applications? Say, I have logged in for App1 & if I visit App2 I want myself to be in logged in state. Is it possible to achieve this without having single Auth0 application?
The user flow is roughly as follows:
- Login in App 1: The user logs into the first application. Auth0 sets an SSO cookie for the Auth0 domain.
- Navigate to App 2: The user then navigates to the second application. If you implement silent authentication, the application can check for the SSO cookie set by Auth0. If the cookie exists (and is valid), the user is considered logged in. If not, the user will be prompted to log in.
- Token Retrieval: Each application can independently retrieve tokens (ID tokens, access tokens, refresh tokens) from Auth0 upon successful authentication, which can be used for making authenticated API calls.
Hope this helps!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.