Auth on 2 front-end repos for same app. How?

This is more of a strategy question.

My app consists of 3 different repos. 1 for the api, and 2 for the front-end.

In the front-end, 1 repo is the dashboard, and the other is a design editor. Users create a project in the dashboard and then open it in the editor.

I am rebuilding from scratch the API and the dashboard parts with Auth0, but the editor repo will stay the same for now.

Currently, the editor doesnt have any authentication because the user logins from the dashboard repo only. It relies on the dashboard to sent a JWT token (which receives from the API) that contains different project info (e.g. project ID), which can then be used to request from the API more specific info about the project e.g. the exact design.

This process is complicated and I am sure I can do this better with a UUID for each project maybe. Also I am using Hasura, which offers a more simplified permission system.

My question is, how do I add auth0 on the editor project as well?

For the dashboard I am using the auth0-spa-js library.

If I use the same library in the editor repo, then the access token generated on the editor will be the same with the dashboard as long I use the same domain, clientId and audience?

I am reading more on how this works.

The docs mention that the web worker local memory does not persist across tabs. But I can have it persist by using cacheLocation: 'localstorage'.

With this, does this mean I do not have to setup the Auth0 SPA lib on the design app repo?

I tried setting it when initializing the client:

this.auth0Client = await createAuth0Client({
                domain: options.domain,
                client_id: options.clientId,
                audience: options.audience,
                redirect_uri: redirectUri,
                cacheLocation: 'localstorage'

But in my browser’s localstorage I do not see the token displayed.

On the other hand, if I do setup the SPA lib on both front-end apps, and remove the cacheLocation property when initializing, will the user need to provide his credentials if he is already logged in in one of the two apps?

The ideal flow is:

  1. user logins in the dashboard
  2. Opens a design in a new tab without having to provide any credentials again.

I am new with building full stack apps so I dont quite understand what is the right thing to do.