Looking for FHIR and OAuth Expertise

Looking for someone who knows if it is possible to use Auth0’s OAUTH implementation to store a piece of data, like a PatientID, within the OAuth response/Callback?

We have a system where we have WEBAPP_A, WEBAPP_B, and AUTH0 as the IdP.

We need:

  1. a user in WEBAPP_A to authenticate to WEBAPP_B via OAUTH
    1a. upon successful authentication, WEBAPP_A sends a PatientID to WEBAPP_B within the Auth0 OAUTH response

  2. WEBAPP_B will, upon receiving a PatientID, request additional information from WEBAPP_A

  3. WEBAPP_A will then receive a query string that leads to WEBAPP_B’s application via a new browser tab.

We need to figure out how WEBAPP_A sends metadata (PatientID) along with the request for authentication.

I am hoping I explained the issue accurately but understand that I am not a developer.

Auth0 Enterprise Support is not an option for us so we are looking for a consultant.

-Ajay

I don’t have a complete answer for you, but I’d like to clarify step 1:

a user in WEBAPP_A to authenticate to WEBAPP_B via OAUTH

This is just a function of single sign-on. As long as both apps are set up as apps (clients) in Auth0, a user can potentially move from one to the other seamlessly. It is up to you to decide how to manage access.

1a. upon successful authentication, WEBAPP_A sends a PatientID to WEBAPP_B within the Auth0 OAUTH response

I don’t think this has anything to do with OAuth. I have no idea if this is a good idea from a webapp security perspective, but WEBAPP_A would redirect the user to WEBAPP_B, perhaps with the PatientID in the headers (this sounds bad! but I am not an expert in this area). When the user lands on WEBAPP_B, the app will attempt to log them in. Since they already have an active session in Auth0 (from logging in to WEBAPP_A) they will be logged in to WEBAPP_B silently. WEBAPP_B can then take the PatientID and do what it needs to do.

If WEBAPP_B needs more info on the patient, it should probably be calling an API, not WEBAPP_A.
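The original question asks how to carry a PatientID through the OAuth response, and this reply sketches WEBAPP_B logging the user in after a redirect. As an added example that is not part of this thread or of Auth0’s own code, the Python below shows the standard OAuth way to round-trip app context: WEBAPP_B keeps the PatientID server-side, keyed by a single-use `state` token that the authorization server echoes back on the callback, so the identifier never appears in a URL; the tenant domain, client id and redirect URI are constructed placeholders.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders for this example; not a real tenant or client.
AUTH0_DOMAIN = "example-tenant.auth0.example"
CLIENT_ID = "WEBAPP_B_CLIENT_ID_PLACEHOLDER"
REDIRECT_URI = "https://webapp-b.example/callback"
STATE_TTL_SECONDS = 300

# Server-side map: opaque state token -> (patient_id, expiry). A real deployment
# would use a shared cache or database with the same single-use, expiring semantics.
_pending_logins = {}


def build_authorize_url(patient_id: str) -> str:
    """WEBAPP_B starts the login. The PatientID stays on the server; only a random,
    unguessable state token goes into the URL, and the IdP echoes that token back."""
    state = secrets.token_urlsafe(32)
    _pending_logins[state] = (patient_id, time.time() + STATE_TTL_SECONDS)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
    }
    return f"https://{AUTH0_DOMAIN}/authorize?" + urlencode(params)


def query_param(url: str, name: str):
    """Return a single query-string parameter from a URL, or None if absent."""
    return parse_qs(urlparse(url).query).get(name, [None])[0]


def consume_callback(callback_url: str):
    """Handle the redirect back from the IdP. Returns (authorization_code, patient_id)
    when the state matches a pending login issued by this server, or None otherwise.
    The state is accepted exactly once (replay/CSRF protection) and must be unexpired."""
    state = query_param(callback_url, "state")
    code = query_param(callback_url, "code")
    if not state or not code:
        return None
    entry = _pending_logins.pop(state, None)  # single use: a second presentation fails
    if entry is None:
        return None
    patient_id, expires_at = entry
    if time.time() > expires_at:
        return None
    return code, patient_id
```

The returned authorization code is then exchanged for tokens as in any Auth0 code flow; the PatientID comes from the server-side store, not from anything the browser sent.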

Hi @aprashar

Auth0’s professional services team has FHIR experience. If you are interested, there is more info here:

John
