How can I persist authentication across different applications and domains in a micro-frontend architecture?

pruchay · June 6, 2025, 11:56am

Is there a way to persist authentication between different applications that are hosted on different domains and may also be embedded within another website?
For example, suppose I have the following domains (all using the same Auth0 tenant):

https://will-be-embedded.com (can be accessed directly or embedded into other websites)
https://host1.com
https://another-host2.com

I would like a user to log in on one of these sites and automatically be logged in on the others as well. For instance, if a user logs in on will-be-embedded.com, they should also be authenticated when they visit host1.com or another-host2.com.

I am particularly interested in persisting authentication in a micro-frontend architecture, where one website is embedded within another. For example, if a user is on host1.com and logs in through will-be-embedded.com (which is embedded within host1.com), they should be authenticated across the entire website, not just within the embedded component. Currently, I am experiencing issues with this scenario.

On my dummy test websites based on this Auth0 React sample, it seems to work. However, when I try to implement it with real websites, it does not work as expected.

Does anyone have any ideas or recommendations on how to implement this kind of functionality?

nik.baleca · June 25, 2025, 3:19pm

Hi @pruchay

Welcome to the Auth0 Community!

I am sorry about the delayed response to your inquiry!

If all the mentioned websites use Auth0 as their authentication method (under a single tenant) and all of them are using users stored inside the tenant, then you should be able to perform silent authentication whenever the user accesses either one of the websites after authenticating only in one of them:

if(isAuthenticated)
{
 getAccessTokenSilently();
}

By doing so, basically the user will be able to log in via SSO as long as their token is valid and by authenticating in a single website.

I understand that by using the sample React application, this behaviour appears to work as intend, most probably your application is not checking the user’s session properly or it was not configured to do so.

If I can help with any other questions on the matter, let me know!

Kind Regards,
Nik

Topic		Replies	Views
How to persist my authentication across different apps Get Help single-sign-on	3	4252	April 14, 2020
SSO between different React Apps Get Help	5	4811	November 8, 2018
Sharing session between 2 web apps on different subdomains Get Help	11	14834	August 25, 2023
How to implement S-SSO cross domain Get Help sso , application	5	1626	April 22, 2024
Issues when implementing SSO between two auth0 SPAs Get Help auth0 , sso , spa , login , react	1	2006	July 20, 2022

How can I persist authentication across different applications and domains in a micro-frontend architecture?

Related topics