We have connected two applications in the same tenant. After deployment, SSO stopped working.
We have a Regular Web App A and a SPA B.
In the RWA A, we have a link to the SPA B. We expect a seamless SSO when a user clicks the link to SPA B.
However, the SPA started to prompt the user for the username+password combination (or an IDP login). Recently, we updated our custom domain settings, which caused SSO to stop working between the two apps. What is going wrong here?
The application started to ask for user credentials upon logging in, even if the user has already logged in to another application.
There is a domain mismatch.
The RWA A was using the custom domain, while SPA B was using the canonical (default) domain.
Since the domains were different, the browser did not send the Auth0 session cookie to the tenant when SPA B requested the /authorize endpoint.
Use the custom domain for these two applications.
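A way to check for this mismatch, as an added example that is not part of the original article: it groups applications by the host of their /authorize URL and applies the RFC 6265 cookie matching rules to show why a session cookie set on one host is not sent to the other. The host names, client IDs and function names are constructed placeholders, and the host-only cookie case is an assumption (the Domain-attribute case is covered too).

```javascript
// Added example. login.example.com and example-tenant.us.auth0.com are
// constructed placeholders for a custom domain and a canonical domain.

// RFC 6265 section 5.1.3 domain-match: identical, or a dot-separated suffix.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === dom || host.endsWith("." + dom);
}

// Would a cookie set by `setByHost` be attached to a request to `requestUrl`?
// domainAttr === null models a host-only cookie (no Domain attribute).
function cookieSent(setByHost, domainAttr, requestUrl) {
  const host = new URL(requestUrl).hostname;
  if (domainAttr === null) return host === setByHost.toLowerCase();
  return domainMatches(host, domainAttr);
}

// Group applications by the host of the /authorize URL they redirect to.
// More than one host means the apps cannot share one session cookie.
function auditAuthorizeHosts(apps) {
  const byHost = new Map();
  for (const { name, authorizeUrl } of apps) {
    const u = new URL(authorizeUrl);
    if (u.pathname !== "/authorize") {
      throw new Error(`${name}: not an /authorize URL`);
    }
    if (!byHost.has(u.hostname)) byHost.set(u.hostname, []);
    byHost.get(u.hostname).push(name);
  }
  return { ssoConsistent: byHost.size === 1, hosts: Object.fromEntries(byHost) };
}

// Constructed sample: RWA A on the custom domain, SPA B on the canonical one.
const SAMPLE_APPS = [
  { name: "RWA A", authorizeUrl: "https://login.example.com/authorize?client_id=PLACEHOLDER_A&response_type=code" },
  { name: "SPA B", authorizeUrl: "https://example-tenant.us.auth0.com/authorize?client_id=PLACEHOLDER_B&response_type=code" },
];
```

The /authorize URLs can be copied from the browser's network panel while each application starts its login redirect.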