Hi! Long time no see!
After doing several experiments and research I come to you for help and assurance.
We are in the middle of migrating all our UI apps to using the ULP. Unfortunately, updating the signup flow will take considerable time so as some other UI apps will be using the ULP before that happens, we are updating our signup app to create an Auth0 session at the end of the signup flow.
The way to do that is by using auth0.js which allows us to create an Auth0 session on the background by calling login(). This method offers a config parameter called onRedirecting which is executed (by auth0.js) right after an internal call to co/authenticate, exchanging the user credentials for a login ticket. When configuring onRedirecting we are supposed to call done() at the end.
The issue we face is that login() generates a redirection (/authorize) to finish the authentication and exchange the login ticket for an access token. This redirection makes us loose significant browser in memory data that we need to retain to finish the signup flow.
I noticed that if in onRedirecting I don’t call done() I can stay on my app, have an Auth0 session on the background and finish the signup flow myself. I’m not interested in obtaining an access token at this point as the UI app that comes after the signup will do it by itself as there is already an Auth0 session.
I can see all of this works but I need assurance.
Question: Can I just not call done()? What are the issues, if any, involved? Is co/authenticate enough to establish an Auth0 session on the background so then another UI app can call /authenticate to get an access token?
Thank you!