SSO with OIDC results in infinite loop

Help
,
1

Hello Auth0 Community,

I have 2 apps myapp.domain.com and external.com, both of them are using auth.domain.com (custom domain) to authenticate via OIDC. Logging in via external.com gives me access to myapp.domain.com, so I suppose SSO is working?

The issue is that myapp.domain.com embeds a component from external.com, and this component checks if the user is authenticated, if so, it will proceed to load the rest of the components, if not, it will prompt the user to log in.

From what I have seen in the HAR files

  1. Loads page assets in myapp.domain.com
  2. Loads components from external.com
  3. Component redirects to authenticate user
  4. Redirect to auth.domain.com/authorize to log in
  5. Redirect to external.com is for sale with the code
  6. Reloads the page in 1

Does anyone have an idea why does the external.com component not recognize the authentication tokens already in place and keeps requesting to log in again?

2

it seems that the tokens for myapp.domain.com and external.com are overwriting each other, hence the infinite loop when one refreshes the token and the other app tries to refresh the token because it does not recognise the token.

Seems like my SSO is not working properly, are there any steps I could take to verify if SSO is working properly?