Hi @jamie.richards ,
Assuming that in these client apps, there is a “login” button visible for end users only if they are not logged in (they have no valid session), you can check how you handle the click event for this button.
For example, in this SPAs related doc, clicking the login button invokes the loginWithRedirect() [a call to Auth0’s /authorize endpoint] to the auth0’s login page.
<button id="login">Click to Login</button>
//redirect to the Universal Login Page
document.getElementById('login').addEventListener('click', async () => {
await auth0.loginWithRedirect();
});
You can try to adjust it to redirect users to your centralised php login portal URL instead, where they can start the proper authentication flow. However, I’m not sure how that would affect the rest of your authentication login flow (you may potentially refer to the login with redirect later in your code).
In general, in these client apps, you may want to review what’s going on around checking the authentication status [isAuthenticated() method] and if you can see the login with redirect to the Auth0 there, which is unwanted in your case.
Thanks,
Marcelina
Want to join our next Community Interactive Q&A with our experts? This time we’re gonna talk about Auth0 Terraform Provider