We have a setup where our auth0 SPA authentication app can authorize regular users or organization members.
Currently, our Users can belong to many organizations, but the most frequent scenario will be that they belong to only one organization.
Our SPA JS app is hosted on a single URL and is connecting to any organization. Consequently, for the moment we don’t have the information about the organization to use until the user is first authenticated.
We don’t want the users to be forced to type their organization’s name at the auth0 login step.
So the flow is as follow:
- User open the SPA
- If not authenticated, the user is directed to auth0 for authentication
- the user is brought back to our SPA. the user must then choose their organization, even if there is only one organization in their profile. We have access to their organizations at this step.
- We then use the “loginWithPopup()” of the auth0-spa-js library to re-authenticate the user in their organization without leaving the SPA
Ideally, we would like to be able to either silently authenticate a user as an organization Member in an Post-login Action if that user is member of only one organization, or at the least maybe redirect that user from within the Action to bring him to a auth0 organization login so he would ultimately be brought back to our SPA with an organization token in a single transaction.
Is this something feasible?