Your current setup with separate Auth0 applications for login and signup is a common pattern for B2B multi-tenancy.

For step 3, using auth0-spa-js for your Onboarding client is highly recommended. It simplifies token validation and state management, and checkSession is indeed the correct method to verify user authentication without a full redirect. This will allow you to gracefully handle unauthenticated users.

For step 4, the redirect to the sign-in screen after organization acceptance suggests that the session established by the Onboarding client isn’t seamlessly transferring to the Application client. The recommended approach here is to leverage Auth0’s OIDC conformant behavior. After successfully adding the user to the organization, instead of redirecting to the Application client’s /authorize with just the organization parameter, you should trigger a silent authentication flow (e.g., using checkSession with the organization parameter) from your React app once it loads. This will obtain new tokens scoped to the user’s new organization, effectively bridging the two sessions without an extra login step for the user.
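The silent-authentication step described above, written out as an added example (not code from the original post or from Auth0): the Application client calls checkSession with the organization parameter, falls back to an interactive login when there is no session, and checks that the resulting ID token is actually scoped to the expected organization. The auth0-spa-js client (v2 option shape) is passed in as a parameter so the logic can run offline against a constructed fake; the org id and user id are made-up sample values.

```javascript
// Added example: bridge the Onboarding session into the Application client.
// `auth0` is an auth0-spa-js client (from createAuth0Client() in the real app);
// here it is injected so the function can be exercised with a fake below.
async function bridgeOrganizationSession(auth0, orgId) {
  // checkSession() performs a silent /authorize (prompt=none) in a hidden
  // iframe; the organization parameter requests tokens scoped to that org.
  await auth0.checkSession({ authorizationParams: { organization: orgId } });

  if (!(await auth0.isAuthenticated())) {
    // No Auth0 SSO session for this browser: fall back to an interactive
    // login that still carries the organization parameter.
    await auth0.loginWithRedirect({ authorizationParams: { organization: orgId } });
    return { status: 'redirected_to_login' };
  }

  // Defensive check: the ID token must carry the org_id claim for the
  // organization the user just accepted, not one left over from an earlier
  // session with a different organization.
  const claims = await auth0.getIdTokenClaims();
  if (!claims || claims.org_id !== orgId) {
    return { status: 'wrong_organization', got: claims ? claims.org_id : null };
  }
  return { status: 'authenticated', orgId: claims.org_id };
}

// Constructed fake of the auth0-spa-js client for offline demonstration.
// hasSession: whether Auth0 "has" an SSO session; sessionOrgId: the org_id
// the fake puts into the ID token.
function makeFakeAuth0(hasSession, sessionOrgId) {
  let authenticated = false;
  const calls = [];
  return {
    calls,
    async checkSession(opts) { calls.push(['checkSession', opts]); authenticated = hasSession; },
    async isAuthenticated() { return authenticated; },
    async getIdTokenClaims() {
      return authenticated ? { sub: 'auth0|sample-user', org_id: sessionOrgId } : undefined;
    },
    async loginWithRedirect(opts) { calls.push(['loginWithRedirect', opts]); },
  };
}
```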