Login using oauth/toke 2 apps

amit.mahajan · June 19, 2024, 8:29am

I have app1 (a React/Next.js app) running on localhost:3000. It includes a login page that uses the auth0.com/oauth/token endpoint to authenticate users and retrieve the access_token, id_token, and refresh_token. Now, I want to forward users to app2, which is running on localhost:3001. This app is also built with React/Next.js and uses @auth0/nextjs-auth0 to manage tokens and protect routes. How can I pass the token from app1 to app2 so that app2 doesn’t need to re-authenticate the user, while also handling all the callbacks and nextjs-auth0 configurations?

dawid.matuszczyk · June 28, 2024, 10:47am

Hi @amit.mahajan

Welcome to the Auth0 Community!

I think that you should benefit from this response → Sharing authentication between 2 sites - #2 by jmangelo which generally boils down to this:

The end-user accesses application A which has no idea who the user is so it makes a non-interactive request to idp as a way to verify if the current end-user has already authenticated.

If the end-user never authenticated before application A is notified of that and redirects the end-user to the idp authorization endpoint where the end-user will authenticate through the hosted login page .

If the end-user already authenticated before application A will receive the user identity and any applicable tokens and proceed to treat the end-user as authenticated.

The end-user accesses application B which has no idea who the user is and a similar dance as above is done, however, now the user is already authenticated so application B will be able to treat the user as authenticated without requiring end-user interaction.

The key points from above is that an application can inquire if a user is already authenticated in a non-interactive way (without user intervention). In case of success the application can proceed to use the current user identity and any applicable tokens received. If the response is negative then the application should redirect the user through the hosted login page so that he can authenticate and at the same time start an authenticated session at the idp.

Thanks
Dawid

system · July 12, 2024, 10:47am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Secured request between two applications of the same domain Help configuration , application	0	5	August 21, 2024
Having trouble with auth0, Next.js, AppSync via OIDC Help connections , oidc-enterprise-connection	0	98	July 4, 2024
Next.js using getSession or getAccessToken resulting in user authentication being lost Help sessions , authentication-sessions	0	50	July 18, 2024
How do we ensure a session is still valid on refresh with NextJS app folder? Help logout , sessions	4	2933	September 26, 2024
Auth0JS vs NextJS SDK Help login-experience , new-universal-login-experience	2	18	October 17, 2024

Login using oauth/toke 2 apps

Related Topics