How can I persist authentication across different applications and domains in a micro-frontend architecture?

Is there a way to persist authentication between different applications that are hosted on different domains and may also be embedded within another website?
For example, suppose I have the following domains (all using the same Auth0 tenant):

I would like a user to log in on one of these sites and automatically be logged in on the others as well. For instance, if a user logs in on will-be-embedded.com, they should also be authenticated when they visit host1.com or another-host2.com.

I am particularly interested in persisting authentication in a micro-frontend architecture, where one website is embedded within another. For example, if a user is on host1.com and logs in through will-be-embedded.com (which is embedded within host1.com), they should be authenticated across the entire website, not just within the embedded component. Currently, I am experiencing issues with this scenario.

On my dummy test websites based on this Auth0 React sample, it seems to work. However, when I try to implement it with real websites, it does not work as expected.

Does anyone have any ideas or recommendations on how to implement this kind of functionality?

Hi @pruchay

Welcome to the Auth0 Community!

I am sorry about the delayed response to your inquiry!

If all the mentioned websites use Auth0 as their authentication method (under a single tenant) and all of them are using users stored inside the tenant, then you should be able to perform silent authentication whenever the user accesses either one of the websites after authenticating only in one of them:

if(isAuthenticated)
{
 getAccessTokenSilently();
}

By doing so, basically the user will be able to log in via SSO as long as their token is valid and by authenticating in a single website.

I understand that by using the sample React application, this behaviour appears to work as intend, most probably your application is not checking the user’s session properly or it was not configured to do so.

If I can help with any other questions on the matter, let me know!

Kind Regards,
Nik