I’m trying to start working on a project where there are two systems involved (angular UI)
The first (external) application uses OKTA for authentication.
The second (internal) application uses Auth0 for authentication.
The user will login into the external application and be authenticated.
They will click on some link - that will seamlessly redirect them to a widget of the second internal application (which will load in a pop up) - without needing the user to re-authenticate with Auth0.
Rough conceptual flow:
User (external system) → Okta: Authenticate
Okta → Generate User: Okta Token
User → Click on widget link and Send Okta Token as a parameter
Internal System → Validate Okta Token - decode the token and pull out user information - e.g.email
Internal System → Call Auth0: Request Auth0 Token for the particular user --HOW???
Auth0 → returns Auth0 Token for the particular user
Widget → Uses that Auth0 Internal Token to proceed.
Apologies- I’m new to Auth0 and OKTA - so I need the dummy version please.
Hi @Eimear.Doyle,
Welcome to the Auth0 Community!
Just so I understand your use case, can you confirm my understanding:
User logs into Okta. User clicks on a chiclet in Okta and is authenticated into an Auth0 application.
If I’m misunderstanding, can you provide more information on your use case?
Thanks,
Mary Beth
Hi Mary Beth,
Thanks for your help - I really appreciate it.
Yes - correct User logs into the 1st application using Okta. User clicks on a link that application - which is redirecting them into a separate application that is authenticated into an Auth0 application.
While from the backend/technical perspective - they are two completely different applications (with different ways of authenticating) - to the end users perspective - it needs to look like one unified application (and they won’t be redirected or asked to authenticate twice).
I saw this feature in your documentation: custom-token-exchange-beta
To me, this sounds like it might be a solution to try for the use case.
However when I tried it – I got an error saying
“error”: “invalid_request”,
“error_description”: “Feature is disabled for this tenant”
Is there a way to enable that feature in Auth0 tenant? What would that involve?
Thanks again,
Hi @Eimear.Doyle,
The custom-token-exchange-beta was closed to new participants in November 2024, but customers will be able to start onboarding once we open/announce EA, which is expected for the end of this month, January 2025. Therefore, you should be able to start using the Token Exchange feature around the end of this month.
Additionally, I recommend taking a look at this article: Setup SSO for Auth0 Sample App With Okta As IdP
Please let me know if you have any additional questions!
Best,
Mary Beth