Laravel universal login to SPA

Help
, , , ,
1

Hi all,

We’ve implemented a universal login successfully in a Vue SPA, but the redundant redir from the SPA to the login page bothers us a bit, since the app has to load up, check if the user is authenticated and only then call webAuth.authorize(). Is there a common pattern to get around this or somehow mitigate the load time (ie bring the auth check to the document’s head so if X is not present in localStorage, don’t bother loading up the SPA)?

Another question we had was that is there a way to call the universal login page and have the callback be on another (sub)domain? We understand that calling .authorize() saves a cookie which is checked for after the user returns to the callback url?
Some background: our public page and blog is a Laravel site and we’d like the Sign up/Login buttons
to take the user directly to the universal login page, which would (after a successful auth) take them back
to the (static/JAM) vue spa on a subdomain.

Currently we tried implementing the latter but it obviously doesn’t work (presumably because of the cookie which I mentioned above?)

What are our options here? Atm we have a dummy landing page for the SPA and only trigger the authorize method once the user clicks a button. We’d love to get rid of this redundant click, but would like to also avoid a “redirecting…” page SPA-side (while the app loads up).

Lastly, is there a way to have the logout method somehow take the user directly to the universal login (hosted) page?

Best,
andreas

2

Is there a common pattern to get around this or somehow mitigate the load time

If someone needs to be authorized to view the page then something needs to happen to check that at Auth0. Another option that might be quicker is to redirect to the /authorize URL using prompt=none and triggering auth if you get an error back. That’s covered in general here:

is there a way to call the universal login page and have the callback be on another (sub)domain?

Callback URLs just need to be specified in the Application settings. There are constraints around what is accepted there but you can add any valid domain/subdomain you’d like.

Currently we tried implementing the latter but it obviously doesn’t work (presumably because of the cookie which I mentioned above?)

You should be able to get that working with a custom domain that all your apps use:

Lastly, is there a way to have the logout method somehow take the user directly to the universal login (hosted) page?

You can specify a return URL on the logout link:

So the logout link would look something like:

https://your-tenant.auth0.com/v2/logout?returnTo=https://your-tenant.auth0.com/authorize?[PARAMS_HERE]

… with all the correct authorize params there and URL encoded.