OAuth token shared in different applications within the same tenant?

jimmychu0807 · April 17, 2019, 2:21pm

Hi,

I have a frontend (React) application that have deployed into multiple instances with different sub-domain name, e.g app1.domain.com, app2.domain.com, and app3.domain.com. I am using auth0 for my login mechanism.

So I have the following object passed in,

  auth0 = new auth0.WebAuth({
    domain: AUTH_CONFIG.domain,
    clientID: AUTH_CONFIG.clientId,
    redirectUri: AUTH_CONFIG.callbackUrl,
    audience : AUTH_CONFIG.audience,
    responseType : AUTH_CONFIG.responseType,
    scope : AUTH_CONFIG.scope
  });

domain, responseType, scope are the same across all apps.
clientID, redirectUri, audience are different for each app.

But how come the oauth token seems to be shared among apps, meaning if I login to app1.domain.com, it seems I am automatically login to app2.domain.com and app3.domain.com as well?

Thanks.

konrad.sopala · September 2, 2019, 12:09pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?