This is my use case:
Our company has a frontend application A which uses auth0 for authentication (lets call the registered application in auth0 CA)
My team now develops an application B which also needs user authentication (lets call the registered application in auth0 CB)
Our application B can now be integrated via a script call in application A, and some params can be passed on initialisation.
As an example, called by application A:
const appB = createB({
option_key: 'option_value',
})
The user will be already authenticated in app A, before app B is initialised. Thus in app B we do not want the user have to login again (and never see a login screen - either the user is logged in an everything works, or an error is shown!).
(We can’t pass the auth0Client instance from app A, nor can we access any global js object in app B)
How do we best achieve this?
- can we utilise the silent authentication functionality in app B to either authenticate and get tokens or to fail with own error handling (will this also work if the user only authenticates in app A with auth0 registered app CA?)
- can we use the access / refresh tokens from app A to get new tokens for app B?
- any other / better way of doing this?