I am currently using Auth0 in order to authenticate users to a SPA and to allow them to make calls to an API.
In order to improve the solution, I want users to be able to write/read secrets stored in a Vault (HashiCorp Vault) directly from the SPA.
This means that I’ll have 2 applications with different client_id values configured in Auth0: the SPA and a regular web app for Vault.
To simplify the user experience, I want them to authenticate only once on the SPA and to automatically have access to their personal secret store in Vault.
I feel that this is possible, as both applications are in the same domain; however, I can’t figure out how…