Seamless authentication between two apps

Hi,

I am using Auth0 for my applications. I have two applications which uses different Auth0 configurations.

One is built using angular and uses SPA configuration, The second one is built using Next.js 14 (App router) and uses Regular Web Application configuration. Both of these configuration belongs to same tenant and are hosted on same main domain.

I am looking to develop a user authentication flow where one user when logs in to angular application and gets redirected to next.js application, it should get automatically logged in.

I can’t find any relevant document for this.

Is this possible considering the two application are of different nature in terms of their configurations in auth0?

Thanks,
Kunal

Hi @kunalvirk!

Welcome to the Auth0 Community!

I recommend taking a look at these links regarding SSO between applications on the same tenant:

Please let me know if you have any additional questions after reviewing the above resources, and I’ll be happy to help :slight_smile:

Best,

Mary Beth

Thanks for a quick reply.

Is it possible to achieve this without the need of SSO? As in, I pass some accessToken in the URL while redirecting to Next.js application and then use Auth0 API to use that token to log the user in.

If not, then what sort of changes I need to make in my angular based SPA in order to support SSO as the SPA is in production and can not have any downtimes?

Thanks,
Kunal

Hi @kunalvirk,

Thank you for your patience! Do these applications share a database connection?

Thanks,

Mary Beth

Hi,

No they don’t. Apart from there Auth0 configs being in the same tenants there are nothing common.

But I am interested in any solution if they would have shared a common DB connection for user storage.

Thanks,
Kunal

Hi @kunalvirk,

If all applications use the same database connection, then SSO will work seamlessly.

To make authentication seamless and avoid visible redirects, it is possible to use silent authentication, which relies on an invisible iframe to issue a token using the session in Auth0.

To use silent authentication, it’s recommended to configure a custom domain. This allows the application to share the same origin as the Auth0 tenant and solves the issue of browsers blocking third-party cookies.

Additionally, all tenants have SSO enabled by default. When a user authenticates against APP A, a session is created, so if that same user navigates to APP B in the same tenant, then the same session will be used and the user will not be prompted for any credentials.

Best,

Mary Beth

Hi Mary,

So SSO will only work if

  • The Auth0 config uses a custom domain
  • The applications are under same tenant
  • And share a same database connection

And if the above three conditions are not met then the user will be have re-authenticate itself If it is coming from Application A (on other domain) to Application B even if these applications share configs that belong to a single tenant, right?

Thanks,
Kunal

Hi @kunalvirk,

Yes, that is correct!

Thanks,

Mary Beth