OpenID Connect Authentication inside a seperate Embedded Application

Hi,

I would like to know what are the solutions and best practices for Authenticating a user in a web application that is embedded inside another web page?

The app that is embedded inside the page is the app using Auth0. The parent page has it’s own Auth with it’s own provider, which i have set up as an OpenID Enterprise Connection in Auth0. Authenticating here using page redirects works nicely and as expected.

My Auth0 enabled embedded app only loads based on user interactions, therefore the redirect page approach does not work here as it would end up redirecting back to the parent page in it’s original state with the embedded app no longer loaded. I don’t have much control over the parent page, as this application is designed to be included by various domains who want to use it.

So therefore my question is how can I Authenticate this without redirecting away from the page? I have to be logged in with the parent application to get this far so I don’t need a login screen or anything like that. I am wondering if it is possible to login here just using the code (which is Javascript / React), without navigating away from the page at all?

Apologies if this has already been asked but I could not find any answers, thanks.

Hey there @gazmatron welcome to the community!

Although typically not encouraged, it sounds like your only option may be to utilize an embedded login approach so as to avoid any sort of redirect (Universal Login) - Just be aware of the potential downsides vs Universal Login.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.