We currently have a web app using Lock to authenticate users hosted on app1.example.com, and we are creating a single page app (React) that will be hosted on app2.example.com.
In the long term app1 will disappear and app2 will be the only one staying, but right now, during our beta phase, our users will have access to some features in app2 and the rest in app1.
The only way to access app2 is from app1, so I’m looking for a way to have the users being automatically authenticated on app2, so they wouldn’t have to log in twice.
So far I have tried to save access_token and id_token to cookies with the domain .example.com, to be accessible by both apps. I can retrieve them and use them in app2, but when they are about to expire I did not find a way to renew them.
I have tried with auth0-js and checkSession but I could not figure out a way to “log in” the user when instantiating the webAuth on app2.
Any idea how to do that ? Maybe something obvious that I’m missing