Hi,
Is it feasible to use Auth0 to implement “account switching” similar to that implemented by Google i.e. maintain multiple current SSO sessions for distinct users attached to applications
e.g. /mail/u/0 and /mail/u/1 used by Gmail to navigate between multiple authorised sessions
Thanks,
Daniel
Hi Daniel,
That is a cool question. I don’t know the answer. I suspect it is possible, but a fair amount of work. A login session is represented by a cookie in the web browser, so you’d need some machinery to manipulate the cookie. This machinery is outside of what Auth0 currently does, so you’d need a web page to choose a session, that would swap cookies around. Along with the cookie swapping, you might have to keep track of access, id and refresh tokens.
I have worked with clients who solved this in a different way: they have a single account for each user, and the account has a list of personas that they are allowed to use. Then they switch from persona to persona. They log in once, to the account, and then have a selector for what persona they want to use. This isn’t what Google does, of course, but this is pretty straightforward to do, if it meets your goals.
John
Hi John, appreciate the response.
Thanks for the idea of cookie swapping, although these would need to be Auth0 cookies, right? So difficult for my app to control? Having independent sessions would require each independent session to perform at least silent SSO refresh independently / concurrently. Are there details of the specific cookies Auth0 uses to maintain SSO sessions? (I’ve looked but not seen a definitive list.)
Regarding personas, thanks for the idea, but it would not enable independent login sessions. And by independent, I mean independent except that they happen to occur in the same browser at the same time.
Thanks for the feedback.
Daniel
Hi Daniel,
I talked a bit with my coworkers, and I don’t have much for you.
The cookie idea probably wouldn’t work, as you pointed out.
Personas, as I suggested, or using redirect rules to an account chooser page, are what I have for you.
See this page for some info: Account Chooser & Open YOLO (You Only Login Once) Working Group Homepage | OpenID
Please submit feedback: Auth0: Secure access for everyone. But not just anyone.
And please give full details, including why “independent login sessions” are critical etc.
John
clerk.dev has this:
Session management as a service | Clerk (search for multiple sign-ins)
This could be useful for a SaaS where I have a personal account and a professional account.
But I’ll stay with Auth0 and implement the ‘personas’ idea. Seems less complex for my case. I only need to find a way to get that persona in the JWT token but I think that can be done with rules.
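The "persona in the JWT via rules" step mentioned at the end of the thread, as an added example that is not code from the thread or from Auth0: a legacy Auth0 Rule (the `function (user, context, callback)` signature, `context.idToken`, `context.accessToken`, `context.request.query` and `user.app_metadata` are the real Rules API) that adds namespaced persona claims. The `personas` array in `app_metadata`, the `persona` query parameter sent to `/authorize`, and the `https://example.com/` claim namespace are assumptions; the point to notice is that the requested persona is attacker-controlled input and is only honoured when it appears in the server-side allow-list.

```javascript
// Legacy Auth0 Rule. Assumptions (not from the thread): the allowed personas
// live in user.app_metadata.personas, e.g. ["personal", "work"], and the app
// asks for one by appending ?persona=work to the /authorize request.
// Custom claims must be namespaced (a URL) or Auth0 drops them from the tokens.
const NAMESPACE = 'https://example.com/'; // hypothetical namespace

function pickPersona(allowed, requested) {
  // Returns null when the user has no personas configured at all.
  if (!Array.isArray(allowed) || allowed.length === 0) return null;
  // Honour the request only if it is in the server-side allow-list;
  // anything else (missing, malformed, or not permitted) falls back to
  // the first persona rather than trusting the query string.
  if (typeof requested === 'string' && allowed.indexOf(requested) !== -1) {
    return requested;
  }
  return allowed[0];
}

function addPersonaClaims(user, context, callback) {
  const allowed = (user.app_metadata && user.app_metadata.personas) || [];
  const query = (context.request && context.request.query) || {};
  const persona = pickPersona(allowed, query.persona);

  if (persona === null) {
    // No personas for this user: issue the tokens unchanged.
    return callback(null, user, context);
  }

  // Current persona plus the full list, so the app can render a switcher
  // without another round trip; the API only needs the current one.
  context.idToken[NAMESPACE + 'persona'] = persona;
  context.idToken[NAMESPACE + 'personas'] = allowed;
  context.accessToken[NAMESPACE + 'persona'] = persona;
  return callback(null, user, context);
}
```

Switching persona then means sending the user back through `/authorize` with a different `persona` value; the existing Auth0 session makes that a silent redirect rather than a new login.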