I need to enable SSO between my customer’s website and my API.
The customer’s website doesn’t use Auth0 but allows users to log in using a few different social providers like Microsoft and Google.
My API is secured using Auth0 and also supports Microsoft and Google authentication via Auth0. If my customer sends the JWT token received when the user authenticated with Google with their request to my API, will Auth0 authenticate the user even though my customer doesn’t use Auth0?
As explained in this doc, “What Is Single Sign-On Authentication (SSO) And How Does It Work?”, for SSO to work between two or more apps they need to authenticate via the same domain. On initial authentication, the authorization server establishes a cookie with a single auth domain. Subsequent authentications are implicit if those session cookies exist.
Having said that, I’m unclear on your use case here: “I need to enable SSO between my customer’s website and my API.” Do you mean that once a user is logged into your customer’s website, they should be allowed to call your API without any authentication?
Is your API registered as a Resource Server in Auth0? “My API is secured using Auth0 and also supports Microsoft and Google authentication via Auth0.” That is not possible in Auth0. APIs only grant permissions to other applications, and when users authenticate for those applications, they grant permissions to the application to call APIs on behalf of them (the users).
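The answer’s point, that an Auth0-protected API should accept only access tokens its own authorization server issued for that API (and so cannot accept a token Google issued to the customer’s site), as an added example that is not from this thread and not Auth0 code. The issuer, audience, secrets and tokens are constructed, and HS256 with a shared secret stands in for the RS256/JWKS verification Auth0 APIs normally use; the issuer and audience checks are the same either way.

```python
import base64, hashlib, hmac, json, time

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict, secret: bytes) -> str:
    """Constructed stand-in for an issuer (HS256 so the example runs offline)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_access_token(token, secret, issuer, audience, now=None):
    """Return (ok, reason). Accept only tokens our own authorization server issued for this API."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"  # not signed by our authorization server
    if payload.get("iss") != issuer:
        return False, "wrong issuer"  # e.g. a token Google issued to the customer's site
    aud = payload.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "not issued for this API"  # an ID token for another client, not our access token
    if payload.get("exp", 0) <= (time.time() if now is None else now):
        return False, "expired"
    return True, "ok"

AUTH0_ISSUER = "https://example-tenant.auth0.com/"   # constructed tenant issuer
API_AUDIENCE = "https://api.example.com"             # constructed API identifier (audience)
AUTH0_SECRET, NOW = b"constructed-tenant-secret", 1_700_000_000

def demo():
    # Auth0-issued access token for our API vs. a token Google issued to the customer's site
    ours = mint_token({"iss": AUTH0_ISSUER, "aud": [API_AUDIENCE], "sub": "google-oauth2|123",
                       "exp": NOW + 3600}, AUTH0_SECRET)
    google = mint_token({"iss": "https://accounts.google.com", "aud": "customer-site-client-id",
                         "sub": "123", "exp": NOW + 3600}, b"constructed-google-key")
    return (verify_access_token(ours, AUTH0_SECRET, AUTH0_ISSUER, API_AUDIENCE, NOW),
            verify_access_token(google, AUTH0_SECRET, AUTH0_ISSUER, API_AUDIENCE, NOW))
```

The Google token fails at the signature step because the API only holds its own tenant’s key; even a token signed with the right key is rejected when its `iss` or `aud` does not name this authorization server and this API.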