We have a web application that has its own login mechanism (users in a database, each user has a role with permissions, password login). Java / Angular based.
We are looking at embedding (or redirecting to) the UI of some of our other apps that are Auth0-enabled (SPA talking to an API), and wondering about the best way to manage this, given we only want users to log in once via the “parent” app and we can’t really move this to SSO right now (or perhaps, not clear on what that would look like).
I am thinking that a user logs in via the main application. If the login is successful, the application then makes a call to Auth0 to get a token. This can be passed to the browser, which can then use it to appear authenticated. Though I guess we would need to sync the users between the application and Auth0. Or perhaps there is a solution using machine-to-machine tokens. I am not sure if this is possible or if it fits an existing flow and I just can’t see it.
Thoughts and musings appreciated.