Account switching

Hi,

Is it feasible to use Auth0 to implement “account switching” similar to that implemented by Google i.e. maintain multiple current SSO sessions for distinct users attached to applications

e.g. /mail/u/0 and /mail/u/1 used by Gmail to navigate between multiple authorised sessions

Thanks,
Daniel

Hi Daniel,

That is a cool question. I don’t know the answer. I suspect it is possible, but a fair amount of work. A login session is represented by a cookie in the web browser, so you’d need some machinery to manipulate the cookie. This machinery is outside of what Auth0 currently does, so you’d need a web page to choose a session, that would swap cookies around. Along with the cookie swapping, you might have to keep track of access, id and refresh tokens.

I have worked with clients who solved this in a different way: they have a single account for each user, and the account has a list of personas that they are allowed to use. Then they switch from persona to persona. They log in once, to the account, and then have a selector for what persona they want to use. This isn’t what Google does, of course, but this is pretty straightforward to do, if it meets your goals.

John

1 Like

Hi John, appreciate the response.

Thanks for the idea of cookie swapping, although these would need to be Auth0 cookies right? So difficult for my app to control? Having independent sessions would require each independent session to perform at least silent SSO refresh independently / concurrently. Are there details of the specific cookies Auth0 uses to maintain SSO sessions? (I’ve looked but not seen a definitive list)

Regarding persona’s, thanks for the idea but it would not enable independent login sessions. And my independent, I mean independent except that they happen to occur on the same browser at the same time.

Thanks for the feedback.
Daniel

Hi Daniel,

I talked a bit with my coworkers, and I don’t have much for you.
The cookie idea probably wouldn’t work, as you pointed out.

Personas, as I suggested, or using redirect rules to an account chooser page, are what I have for you.

See this page for some info: https://openid.net/wg/ac/

Please submit feedback: https://auth0.com/feedback
And please give full details, including why “independent login sessions” are critical etc.

John

1 Like