Social Identity Provider Issuing Multiple Tokens for Multiple Firms

Hi Auth0 Community,

I’m using Auth0 Universal Login to manage user authentication and authorization, with two custom social identity providers (IDP1 and IDP2) for accountant firms.

Here’s the situation:

  1. I’ve added IDP1 and IDP2 as custom social identity providers using OAuth2 flow, and everything is working fine.
  2. During the authentication process, users select their firm from a dropdown list, and the provider returns tokens based on that selection.
  3. In my backend, I persist each user with a 1 : M relationship between the user and their associated accountant firms, saving the tokens accordingly.

The Issue:

  • When the same user is associated with multiple accountant firms, it’s not clear which firm they are logging in from during subsequent logins.
  • As a result, I cannot determine which refresh token to use.
  • In the access token response, I do receive an attribute called “firm” that identifies the firm.

Question:

  • How can I pass this “firm” attribute from the access token response to my application so that I can correctly identify the user’s firm and handle the refresh token accordingly?

Any insights or best practices on how to handle this scenario would be greatly appreciated!

Thanks in advance!
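
One way to handle the backend side of this, as an added example that is not part of the original post: keep one refresh token per (user, firm) pair and select it with the "firm" value from the token response. It assumes the firm value reaches the backend together with the user id; `FirmTokenStore` and all sample ids and tokens are hypothetical.

```javascript
// Added example: backend token store keyed by (user, firm).
// FirmTokenStore and the sample ids/tokens are hypothetical, not Auth0 APIs.
class FirmTokenStore {
  constructor() {
    this.byKey = new Map(); // JSON [userId, firm] -> { refreshToken, updatedAt }
  }

  static key(userId, firm) {
    // Refuse to guess: without the firm, a 1:M user has several candidate tokens.
    if (!userId || !firm) throw new Error('userId and firm are both required');
    return JSON.stringify([userId, firm]);
  }

  // Persist tokens from a provider token response that carries "firm".
  saveFromTokenResponse(userId, tokenResponse) {
    const k = FirmTokenStore.key(userId, tokenResponse.firm);
    const prev = this.byKey.get(k);
    // If a later response omits refresh_token, keep the one already stored.
    const refreshToken = tokenResponse.refresh_token || (prev && prev.refreshToken);
    if (!refreshToken) throw new Error('no refresh token available for this firm');
    this.byKey.set(k, { refreshToken, updatedAt: Date.now() });
    return tokenResponse.firm;
  }

  // Select the refresh token for the firm chosen at this login.
  refreshTokenFor(userId, firm) {
    const rec = this.byKey.get(FirmTokenStore.key(userId, firm));
    return rec ? rec.refreshToken : null;
  }

  // List the firms a user has stored tokens for.
  firmsFor(userId) {
    return [...this.byKey.keys()]
      .map((k) => JSON.parse(k))
      .filter(([u]) => u === userId)
      .map(([, firm]) => firm);
  }
}

// Constructed sample data: one user, two firms, one replaced token.
const store = new FirmTokenStore();
store.saveFromTokenResponse('user-1', { firm: 'firm-a', refresh_token: 'rt-a1' });
store.saveFromTokenResponse('user-1', { firm: 'firm-b', refresh_token: 'rt-b1' });
store.saveFromTokenResponse('user-1', { firm: 'firm-a', refresh_token: 'rt-a2' });
```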