Single sign on to organisation


I have an issue with a proof of concept I am looking at.

  1. I have two Angular applications set up in Auth0:
     • for flexibility, both applications are turned on for organisations
     • types of user is set to both (direct from database and via organisations membership)
  2. Organisation settings are set to ‘enable automatic membership’.
  3. The first app is configured as the global login, with the second set up to auto-login (SSO) when the first redirects to it via a button click (using getAccessTokenSilently() call)
  4. In Angular config, organization parameter is configured in application two’s auth0 config only.

The issue:
When a user is in the organisation membership list, after logging into application one, on button click to redirect to application two, silent login works great, and the user is SSO’d into application two.

When a user is not in the organisation membership list, after logging into application one, on click to redirect to application two, silent login (getAccessTokenSilently()) fails stating ‘login required’.

Expected behaviour: The user is added to the organisation membership list on the getAccessTokenSilently() call (enable automatic membership is on).
The user is silently logged in to application two.

Is there any way this scenario could work (switching organisation, auto adding user to org member list, and silently logging in)?

Hey @Kush1 welcome to the community!

Is there more than one organization involved? Which organization is the user added to when logging into the first app?

Hi @tyf, there potentially could be multiple organisations involved, I’m just testing with one first. The first application doesn’t use an organisation to log in so it’s directly via the connection/database.

Once logged in, via button click, the second application is opened. The organisation at the moment is hard-coded in the auth config on application two which is used for the silent login.

I’ve figured out a solution for us using custom values being passed in the silent auth request, then adding these to the token in a post login action. Thanks to anyone that had a read and a think :slight_smile:

1 Like
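The approach mentioned in the post above (a custom value sent with the silent auth request, then copied into the token by a post-login Action) could look like the sketch below. This is an added example, not the poster's code: the parameter name `ext-tenant`, the `allowed_tenants` metadata key and the claim namespace are assumptions. It validates the client-supplied value against server-side user data before it becomes a claim.

```javascript
// Added example. The parameter name "ext-tenant", the app_metadata key
// "allowed_tenants" and the claim namespace are assumptions, not from the thread.
const NAMESPACE = "https://example.com/claims";
const TENANT_ID = /^[a-z0-9-]{1,32}$/;

// Core of a Post Login Action. In Auth0 it would be wired up as:
//   exports.onExecutePostLogin = async (event, api) => { applyTenantClaim(event, api); };
function applyTenantClaim(event, api) {
  // Custom authorize parameters arrive in the request query string, which the
  // client controls, so treat the value as untrusted input.
  const query = (event.request && event.request.query) || {};
  const requested = query["ext-tenant"];
  if (requested === undefined) return "skipped"; // parameter absent: token unchanged

  // A repeated parameter parses as an array; reject that and malformed values.
  if (typeof requested !== "string" || !TENANT_ID.test(requested)) {
    api.access.deny("invalid tenant parameter");
    return "denied";
  }
  // Authorize against server-side data, never against the request itself.
  const allowed = (event.user.app_metadata || {}).allowed_tenants;
  if (!Array.isArray(allowed) || !allowed.includes(requested)) {
    api.access.deny("tenant not permitted for this user");
    return "denied";
  }
  api.accessToken.setCustomClaim(`${NAMESPACE}/tenant`, requested);
  api.idToken.setCustomClaim(`${NAMESPACE}/tenant`, requested);
  return "claimed";
}

// Constructed stand-ins for the Action's event and api objects, for offline runs.
function mockApi() {
  const calls = { denied: null, accessToken: {}, idToken: {} };
  return {
    calls,
    access: { deny: (reason) => { calls.denied = reason; } },
    accessToken: { setCustomClaim: (k, v) => { calls.accessToken[k] = v; } },
    idToken: { setCustomClaim: (k, v) => { calls.idToken[k] = v; } },
  };
}
function mockEvent(tenant, allowedTenants) {
  const query = tenant === undefined ? {} : { "ext-tenant": tenant };
  return { request: { query }, user: { app_metadata: { allowed_tenants: allowedTenants } } };
}
```

The returned strings exist only so the outcome can be checked offline; an Action's return value is not used by Auth0.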

That’s awesome, thanks for sharing here! :slight_smile:
