Single Sign on for Single Page Applications

Hello! I am trying to figure out if the following scenario is possible.
I want to have multiple Single Page Applications with an SSO.

I’ve been trying all different setups in the last couple of days, but nothing seems to work.

My current setup is:

Whenever I try, I always get an error “Login is required”. Tried Chrome, Firefox, and Safari. All Cookies are allowed in browser settings. I went through posts in this community and it seems like people used to have this issue lately.

I really just want to know if this setup is possible and realistic and maybe what can be fixed to make it work.

har.txt (68.7 KB)

Thank you!

Hi @romanmakovyak,

Welcome to the Auth0 Community!

Unfortunately, using the getAccessTokenSilently method will always trigger the “Login is required” error message if the user was not previously signed in or if their session has expired.

This method should only be used for Silent Authentication to refresh a user’s session without prompting them for credentials again. Moreover, the user must be logged in for silent authentication to work.

In this case, I recommend using the Universal Login for SSO across your different Single Page Applications.

See How do I configure (SSO) Single Sign-On with Auth0? to learn more.

Please let me know if you have any questions.

Thank you.

1 Like

Thanks @rueben.tiow ! I forgot to mention one step in between :slight_smile: When I Iogin to one of the apps, it’s not reflected in another application. getAccessTokenSilently is a bad example :slight_smile:

Hi @romanmakovyak,

Thank you for your response and clarification.

In this case, could you please clarify if you are using the Universal Login experience?

And are both applications on the same tenant?

Thank you.

Both apps are on the same tenant, I am using UL experience.

1 Like

Actually, I just figured something out. SSO does work for me as expected if I disable organizations on my applications. How do I make it work with organizations?

1 Like

Hi @romanmakovyak,

Thank you for your response.

After my investigation, I did not find the same observations as you. Instead, I found SSO working with both Organizations enabled or disabled.

With that, I can confirm that SSO works with Organizations.

I suggest looking through How do I configure (SSO) Single Sign-On with Auth0? again to set up your SSO correctly.

If you continue having issues, please capture a HAR file of the complete authentication requests.

Thank you.

For the case when an organization is preset for the application, I confirm, that SSO does work.
But for the use case when both SPA’s have “Display Organization Prompt” enabled, SSO does not work.
Did you check this scenario as well?

Hi @romanmakovyak,

Thank you for your response.

Yes, I did check this scenario, and SSO will continue to work even with the Display Organization Prompt enabled. However, you must specify the organization query parameter in the request for SSO to work.

If the organization query parameter is not specified, the application will display the organization prompt, thus disrupting the SSO flow and asking the user for credentials again.

Hoped this helps clarify how SSO works with Organizations.

Please let me know if there is anything else I can do to help.

Thank you.

1 Like

Thank you!

Yes, that’s the behaviour I get as well :slight_smile:

Maybe this could be documented somewhere, this could save people some time figuring it out in the future. In this case, the only viable scenario is to implement Display Organization Prompt by ourselves by using Management API.

1 Like

Hi @romanmakovyak,

Thank you for your response.

Sure that sounds good, I will pass this feedback along to our Docs team.

Please reach out if you have any further questions.

Thank you!

1 Like