I’m currently trying to integrate my SPA into another application. To make things easy I’ve opted to use an iFrame for this purpose.
I will refer to my SPA as app 2 and the other application as app 1.
Both applications are connected to auth0, and I’ve added ´app 1´ as a custom-social-connection in ´app 2´, so that users from ´app 1´ can seamlessly login to ´app 2´.
Now, I understand that Auth0 can’t/shouldn’t be rendered within an iFrame (or at least I have to disable clickjacking), however, what I’ve managed to test locally, handling all authentication prior to rendering the iFrame will avoid any redirections to Auth0 in the iFrame and thus avoiding rendering Auth0 within an iFrame.
I was able to do this on two applications, each connected to their respective auth0 tenants, both applications running on localhost. I handle the authentication towards ´app 2´ by using the social login authentication API, and after successful login, a cookie is set in the browser remembering the session. Thus, when I render app 2 in an iFrame, it will recognize this user as being authenticated and will not redirect to Auth0. Everything works, as I assume, locally, both applications share the same domain (localhost).
The issue arises when I go into production, where ´app 1´ and ´app 2´ now have their own domain: ´domain 1´ and ´domain 2´, respectively.
In the production environment the cookies that allowed everything to be seamless now can’t be set as, what I assume, is due to third-party cookies getting blocked by the browser. I realize that my auth0 tenants are still allowed to set cookies, as the cookies from the auth0 domain are still getting set.
So, my stupid question is then, how do I allow cookies from ´domain 2´ to be set in ´domain 1? As I can read these cookies are auth0 cookies (they have auth0 in their name), which I don’t manage on either server.
An example of these cookies is the auth0.client-id.is.authenticated.
The cookie from my auth0 tenant domain2.eu.auth0 is set, i.e., auth0, auth0_compat, did etc.
I also attach this illustration I’ve sketched out of my understanding of what’s happening.
