Is it possible for different Auth0 Applications to share authentication info?

Hi all,

Is it possible for different Auth0 Applications to share authentication info?

For example, users can login via an Auth0 SPA Application, and use the same token to authenticate themselves to another Auth0 API Application.

I was trying this out but got "Error decoding signature" errors.

Hi laboro18

I think SSO would do what you want here, rather than sharing tokens.

John

Hi John,

Thanks for the reply. I’ve read through the SSO docs. Is SSO enabled by default? The docs essentially say to use Universal Login, which most of the samples and quickstarts appear to already use. Just double checking in case I missed something, thanks.

I am also confused as to how to implement a single sign out. Again I’ve read the docs - Logout. The docs talk about clearing application, auth0 and IdP sessions.
However https://YOUR_AUTH0_DOMAIN/v2/logout does not appear to work. The example repos also do not use this auth0 endpoint, instead they only remove their relevant cookie entries.

So I tried to combine them but without success. My user was still logged in on the other app.

// JS code snippet
logout () {
  // Clear access token and ID token from local storage
  localStorage.removeItem('access_token')
  localStorage.removeItem('id_token')
  localStorage.removeItem('expires_at')
  this.userProfile = null
  this.authNotifier.emit('authChange', false)
  // Then end the Auth0 session and return to the app
  window.location.replace('https://yourURLhere.auth0.com/v2/logout?returnTo=http%3A%2F%2Flocalhost:3000')
}

A code snippet as to how to implement a single sign out would be helpful.

Single sign out can be challenging. Without going into much detail, take a look at this page:

https://auth0.com/docs/libraries/auth0js/v9#polling-with-checksession-

John
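The checkSession polling John points to, written out as an added example (not code from this thread or from Auth0's own samples): it assumes an auth0.js v9 WebAuth object is passed in, combines the poll with the local token clearing from the logout() snippet above, and uses a constructed in-memory storage in place of window.localStorage so it runs outside a browser.

```javascript
// Added example (not from the thread or Auth0's samples): "polling with
// checkSession" from auth0.js v9, combined with the local token clearing of
// the logout() snippet above. The WebAuth instance is injected (assumed to be
// `new auth0.WebAuth({...})`) so the logic can also be exercised with a stub.

const TOKEN_KEYS = ['access_token', 'id_token', 'expires_at'];

// Local half of single sign-out: drop the tokens this SPA cached.
function clearLocalSession(storage) {
  for (const key of TOKEN_KEYS) storage.removeItem(key);
}

// One poll. checkSession() renews silently while the Auth0 session cookie is
// alive and fails with error 'login_required' once the user logged out
// elsewhere. done() receives 'active', 'logged_out' or 'error'.
function checkCentralSession(webAuth, storage, done) {
  webAuth.checkSession({}, (err, authResult) => {
    if (err && err.error === 'login_required') {
      clearLocalSession(storage);          // central session gone: log out here too
      return done('logged_out');
    }
    if (err) return done('error');         // transient failure: keep local state
    storage.setItem('access_token', authResult.accessToken);
    storage.setItem('id_token', authResult.idToken);
    storage.setItem('expires_at', String(Date.now() + authResult.expiresIn * 1000));
    done('active');
  });
}

// Polls every intervalMs, stops itself on logout, returns a cancel function for teardown.
function startSessionPolling(webAuth, storage, intervalMs, onLoggedOut) {
  const timer = setInterval(() => {
    checkCentralSession(webAuth, storage, (state) => {
      if (state === 'logged_out') {
        clearInterval(timer);
        onLoggedOut();
      }
    });
  }, intervalMs);
  return () => clearInterval(timer);
}

// Constructed stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}
```

In a browser the stub is replaced by the real WebAuth instance and `window.localStorage`; a poll interval of a few minutes is enough to end the second app's session shortly after /v2/logout was hit from the first one.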

Just thinking out loud (have not tried this) and doesn’t really solve OP's immediate problem, but: would it be possible to implement single sign out with an OAuth-enabled proxy? E.g., AWS load balancers now support OAuth for access control to resources behind the LB. Point the LB at an Auth0 client. User authenticates, SSO gets them into other apps behind the LB seamlessly. On logout, clear the LB token. Now the LB denies access to the other apps, even if the user has valid tokens for those apps.