I am looking to set up multiple applications that utilize a shared login ecosystem of multiple applications under the same domain. I would like all the applications under this domain to have a simple way to authenticate without being coupled with Auth0’s libraries/APIs.
My idea is having login.matthew.com as the primary application dedicated to authentication, then having app1.matthew.com and app2.matthew.com sharing the same Auth0 audience, with different client IDs.
To renew their sessions all they would do is redirect to login.matthew.com?clientid=123&redirecturl=app1.matthew.com, then login.matthew.com would forward them to Auth0’s universal login, and then unwrap all the way back to app1.matthew.com with the auth token.
Is this a valid and best way to do this? It seems a little clumsy with multiple redirects, but maybe that’s okay. Is there another way to renew the session, maybe via an API, that the backend of login.matthew.com can use instead of redirects?
Thanks for the help!
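
An added example, not part of the original post and not Auth0 code: in the flow described above, login.matthew.com ends by sending the browser, with the auth token, to whatever `redirecturl` names, so that value has to be checked against what is registered for the given `clientid` before anything is forwarded. The registry, the second client id `456`, the reason strings and the function name are assumptions made for the sketch; it takes the full request URL as received by login.matthew.com.

```javascript
// Added example. Client ids, hosts and the registry shape are constructed
// from the post's sample names; they are not Auth0 settings.
const REGISTERED_CLIENTS = new Map([
  ["123", ["https://app1.matthew.com"]],
  ["456", ["https://app2.matthew.com"]], // hypothetical second client id
]);

const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

// Decide where login.matthew.com may send the browser after login.
// Returns { ok: true, url } or { ok: false, reason }.
function resolveReturnUrl(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const origins = REGISTERED_CLIENTS.get(params.get("clientid") ?? "");
  if (!origins) return { ok: false, reason: "unknown_client" };

  const raw = params.get("redirecturl") ?? "";
  let target;
  try {
    // The post passes a bare host, so a value without a scheme is read as https.
    target = new URL(HAS_SCHEME.test(raw) ? raw : `https://${raw}`);
  } catch {
    return { ok: false, reason: "malformed_redirect" };
  }
  if (target.protocol !== "https:" || target.username || target.password) {
    return { ok: false, reason: "scheme_or_userinfo" };
  }
  // Compare the parsed origin exactly; prefix or substring matching would
  // accept hosts that merely start with a registered name.
  if (!origins.includes(target.origin)) {
    return { ok: false, reason: "redirect_not_registered" };
  }
  // Rebuild from parsed parts and drop the fragment.
  return { ok: true, url: target.origin + target.pathname + target.search };
}
```

The check is per client: a `redirecturl` registered for one client id is refused when presented with another.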