Hi, We’re building a product. Users log in on main site example.com, and install our widget (via npm) on their site like demo.com. I want the widget to detect if the user is logged in on example.com (same browser) using Auth0 SSO.
What is the right approach for cross-domain auth with Auth0, or would you recommend a better pattern?
Hi @zohaibt
Welcome to the Auth0 Community!
Basically, if a user is required to authenticate in order to install the widget on their site, you would need to check if the user has a valid Auth0 session and retrieve the access token that was issued.
For example, when using React, the application would check if they have a valid session by using isAuthenticated then retrieve the access token using getAccessTokenSilently().
Regardless if the widget is installed on a separate domain than the one used for authentication, the point of origin should still be your URL from the widget and the user authenticates against your tenant, not against their own user store.
If you have any other questions, let me know!
Kind Regards,
Nik
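
The check described in the answer above, as an added example that is not part of the original thread or Auth0's own code: it takes the object returned by useAuth0() from @auth0/auth0-react and resolves it to a widget state, treating a failed silent token request as signed-out. The names resolveWidgetSession and makeStubAuth and the audience value are assumptions made for the example.

```javascript
// Added example, not from the thread. `auth` is the object returned by
// useAuth0() in @auth0/auth0-react; only isLoading plus the two members named
// in the answer are used. `audience` is an assumed API identifier.
const SILENT_AUTH_FAILURES = new Set([
  'login_required',       // no Auth0 session available to the silent request
  'consent_required',     // user has not consented for this audience
  'interaction_required', // e.g. a step that must be completed interactively
]);

async function resolveWidgetSession(auth, audience) {
  if (auth.isLoading) return { state: 'loading' };
  if (!auth.isAuthenticated) return { state: 'signed-out' };
  try {
    const token = await auth.getAccessTokenSilently({
      authorizationParams: { audience },
    });
    return { state: 'signed-in', token };
  } catch (err) {
    // isAuthenticated reflects the last check; the session may have ended
    // since, so these errors mean "signed out", not "widget crashed".
    if (err && SILENT_AUTH_FAILURES.has(err.error)) {
      return { state: 'signed-out', reason: err.error };
    }
    throw err; // network or configuration errors stay visible
  }
}

// Constructed stand-in for useAuth0(), used only to exercise the function.
function makeStubAuth({ isLoading = false, isAuthenticated = false, token, failWith } = {}) {
  return {
    isLoading,
    isAuthenticated,
    getAccessTokenSilently: async (options) => {
      if (failWith) throw Object.assign(new Error(failWith), { error: failWith });
      return `${token}:${options.authorizationParams.audience}`;
    },
  };
}
```

The widget should render its signed-out view for both the signed-out and loading-timeout cases and send the token only to your own API, never expose it to the host page.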