Redirecting Users to Different Web Applications After Universal Login

leonardo.lombardi · August 24, 2023, 5:28pm

Hello Auth0 Community,

I have set up a single Auth0 tenant that serves two distinct web applications. These applications are hosted on different domains, let’s say app1.com and app2.com.

I aim to implement a Universal Login flow using a third URL (let’s say app.com). The desired flow is:

User visits app.com.
User is redirected to the Auth0 Universal Login Page.
After authentication, based on certain criteria (either the incoming application or user’s app_metadata), the user is directed to either app1.com or app2.com.
The chosen application (app1.com or app2.com) completes the authentication flow, and the user can then interact with it as an authenticated user.

Currently, using Next.js 13 and Auth0, I’ve been able to achieve the redirection using an Auth0 Action (Step 4). This redirects users to app1.com/api/auth/callback or app2.com/api/auth/callback successfully.

However, I’m having difficulty with the last part of the flow (Step 5). I tried using the “state” query parameter to conclude the authentication process, but I can’t discern what information I need to send/receive to complete the authentication and maintain the user’s authenticated state on app1.com or app2.com.

Could anyone provide insights or guidance on how to successfully finalize this authentication flow?

Thank you in advance!

rueben.tiow · August 25, 2023, 4:22pm

Hi @leonardo.lombardi,

This is a little difficult to do since the login request specifies the ‘redirect_uri’ (Callback URL), meaning that you will need to preemptively know where the user is going to land at the end of the authentication flow.

For example:

https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    audience={apiAudience}&
    state={state}

Given that, you could have the user select whether they want to log in to app1.com or app2.com at the start and have them authenticate that way.

Let me also mention that using Redirect with Actions will redirect the user to your preferred URL. However, to complete the authentication flow, the user must be sent back to the /continue endpoint with the ‘state’ parameter, where they will eventually complete the flow and land on the Callback URL you specified in the ‘redirect_uri’ query parameter in the login request.

See this doc for more information on resuming the authentication flow when redirecting with Actions.

Thanks,
Rueben

system · September 8, 2023, 4:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.