Require login when switching between applications

I need to provide an area of my application for my customers’ customers to input data while they are present at their respective physical locations.

This area must not be publicly accessible. Further, once in this area, I need to prevent the end users from accessing the main application. Therefore, I would like to require my customer to log in to the main application and then serve the “customer” mode as a separate application.

I’m wondering if there’s a way to force the user to re-enter their credentials when returning from “customer” mode to the regular application. I’m aware of the prompt=login option; however, I’m using an SPA and definitely don’t want to repeatedly require credentials if they haven’t ever entered “customer” mode.

If there’s a way to alter the Auth0 cookie to store that they’ve entered customer mode, that would be sufficient, but I can’t find any documentation to that effect.

Hi sevan11,

This sounds very complex from a security perspective. Without knowing a LOT more, I cannot make suggestions.

It sounds like your customer is working, say, with an iPad, then enters “customer mode” and hands the iPad over to their customer. Is that correct? Or is this a kiosk-type deployment, where the kiosk is normally in customer mode?

This sounds quite complex to me; more details are required, but a full security analysis may be required as well.

John
