Share login/token between 2 micro frontend apps (2 different auth0 apps)

This is my use case:

Our company has a frontend application A which uses auth0 for authentication (lets call the registered application in auth0 CA)

My team now develops an application B which also needs user authentication (lets call the registered application in auth0 CB)

Our application B can now be integrated via a script call in application A, and some params can be passed on initialisation.

As an example, called by application A:

const appB = createB({
  option_key: 'option_value',
})

The user will be already authenticated in app A, before app B is initialised. Thus in app B we do not want the user have to login again (and never see a login screen - either the user is logged in an everything works, or an error is shown!).
(We can’t pass the auth0Client instance from app A, nor can we access any global js object in app B)

How do we best achieve this?

  • can we utilise the silent authentication functionality in app B to either authenticate and get tokens or to fail with own error handling (will this also work if the user only authenticates in app A with auth0 registered app CA?)
  • can we use the access / refresh tokens from app A to get new tokens for app B?
  • any other / better way of doing this?

Hi @jacksbox,

It sounds like you are describing an SSO scenario. You can use a silent login request to “log the user in” to your second app, silently.

It typically doesn’t make sense to share tokens between applications. App A and App B should have their own tokens and function independently from each other.

If you have question about how to implement this please add some details about your use case (what framework, SDK, language, etc.).

Thank you!

Hi @dan.woda, thanks for the response.

Here is a more extended explanation of the use case:

App A is a VueJS V2 Application connecting to Backend A. (managed by another team)
App B is a VueJS V3 Application connecting to Backend B. (managed by my team)

App B will be integrated into App A like an external plugin: loaded via script tag and then calling the init method of App A.

Both Apps authenticate via our companies auth0, but they are configured as different apps inside auth0.

What we want to achieve: When App A loads App B, we are already sure that the user is logged in, so we do not want any login necessary in App B (but still do authentication).

If they are different apps registered with Auth0 they should have different tokens. Tokens are issued to specific applications/clients.

SSO allows two applications to share a single session (no login necessary), but still authenticate.