Auth0 Home Blog Docs

OAuth token shared in different applications within the same tenant?

login
#1

Hi,

I have a frontend (React) application that have deployed into multiple instances with different sub-domain name, e.g app1.domain.com, app2.domain.com, and app3.domain.com. I am using auth0 for my login mechanism.

So I have the following object passed in,

  auth0 = new auth0.WebAuth({
    domain: AUTH_CONFIG.domain,
    clientID: AUTH_CONFIG.clientId,
    redirectUri: AUTH_CONFIG.callbackUrl,
    audience : AUTH_CONFIG.audience,
    responseType : AUTH_CONFIG.responseType,
    scope : AUTH_CONFIG.scope
  });
  • domain, responseType, scope are the same across all apps.
  • clientID, redirectUri, audience are different for each app.

But how come the oauth token seems to be shared among apps, meaning if I login to app1.domain.com, it seems I am automatically login to app2.domain.com and app3.domain.com as well?

Thanks.