With the old flows, I was just using Auth0.js’ getSSOData method to detect if an SSO session existed, and if so, I would redirect to Auth0 to automatically log the user in.
I’ve heard that using getSSOData is discouraged now, but I can’t figure out what the “correct” way to detect this. Please note that I’m talking about the Auth0 session as mentioned in this document.
If your client is meant to detect an SSO session, the correct way would be to use silent authentication to detect this. Auth0.js (currently at v8) provides a method renewAuthas documented here to make this flow easier.