Welcome to the Auth0 Community!
I think that you should benefit from this response → Sharing authentication between 2 sites - #2 by jmangelo which generally boils down to this:
- The end-user accesses application
Awhich has no idea who the user is so it makes a non-interactive request toidpas a way to verify if the current end-user has already authenticated.- If the end-user never authenticated before application
Ais notified of that and redirects the end-user to theidpauthorization endpoint where the end-user will authenticate through the hosted login page .- If the end-user already authenticated before application
Awill receive the user identity and any applicable tokens and proceed to treat the end-user as authenticated.- The end-user accesses application
Bwhich has no idea who the user is and a similar dance as above is done, however, now the user is already authenticated so applicationBwill be able to treat the user as authenticated without requiring end-user interaction.The key points from above is that an application can inquire if a user is already authenticated in a non-interactive way (without user intervention). In case of success the application can proceed to use the current user identity and any applicable tokens received. If the response is negative then the application should redirect the user through the hosted login page so that he can authenticate and at the same time start an authenticated session at the
idp.
Thanks
Dawid