I’m just going through the Auth0 universal login (Universal login - SSO between multiple apps - Auth0) page. It has this image of two web applications (www.acme.sport and www.acme.media). These two web applications log users in through a single login page (accounts.acme.com). This is the requirement I want to add to my project. I’ve gone through much Auth0 documentation, but I’m not able to find any example related to the above requirement. Please, can anyone tell me how to implement that or point me in some direction?
This universal login page can be used for all of the applications you configure; you just need to begin an /authorize call with a “redirect_uri” back to the app being logged into so the user is sent back to the right place after authentication.
I’ve created a tenant with two applications (without a custom domain for universal login). I configured my two PHP applications by following this doc page. I need to configure single sign-on between my two PHP applications. I’m quite confused because the users can log in to the applications separately. Auth0 does not identify the currently logged-in user from the other application. When I checked the network, there was a 404 for ssoData.
The ssoData is a legacy response still in use by some older Auth0 tenants; by default all tenants now use ‘Seamless SSO’. You can ignore the 404 for that endpoint.
Seamless SSO means that no prompt is shown to the user if they already have a valid session (and they presented their Auth0 session cookies in the authorize request).
So you should be finding that if a user has already logged into one PHP app, when they attempt to log in on the second app on the same tenant, it would direct them to Auth0, and they would then be immediately redirected back as they already have a session, without needing the user to enter their credentials again.
If you are seeing differently, your browsers may be stripping the Auth0 cookies required to allow the SSO to work, if the cookies are seen as 3rd party. Setting up a custom domain on your tenant should stop the cookies from being treated as 3rd party by the browser and allow them through, however. You could also test this by enabling 3rd party cookies on your browser to check it works.
I have a similar setup: 2 apps (different domains), same tenant, custom domain, SSO enabled.
If I log in to one app, then I have to log in to the other app as well. They are not sharing the same login information.
I was using the prompt=login option for loginWithRedirect.
This will always show the login prompt even if there is a valid session on the server.
I just removed the prompt=login option and it works now.
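The two points raised in this thread (each app starts its own /authorize call with its own redirect_uri, and prompt=login defeats the shared session) can be checked with a small script. This is an added example, not code from the thread or from Auth0; the function names, client IDs, callback paths and state values are assumptions constructed for illustration.

```javascript
// Added example. Assumptions: the client IDs, callback paths and state values
// are constructed; accounts.acme.com is the login domain from the question.
const LOGIN_HOST = 'accounts.acme.com';

// Build the /authorize request one app sends to the shared login page.
// `state` must be an unguessable per-request value tied to the user's session;
// it is passed in here so the sample stays deterministic.
function buildAuthorizeUrl({ clientId, redirectUri, state, prompt }) {
  const url = new URL(`https://${LOGIN_HOST}/authorize`);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri); // where this app's user returns
  url.searchParams.set('scope', 'openid profile');
  url.searchParams.set('state', state);
  if (prompt) url.searchParams.set('prompt', prompt);
  return url.toString();
}

// Review each app's /authorize URL for settings that stop the second app
// from reusing the first app's session.
function checkSsoReadiness(authorizeUrls) {
  const findings = [];
  const hosts = new Set();
  for (const raw of authorizeUrls) {
    const url = new URL(raw);
    const app = url.searchParams.get('client_id') || '(no client_id)';
    hosts.add(url.host);
    if (url.searchParams.get('prompt') === 'login') {
      findings.push(`${app}: prompt=login always shows the login prompt`);
    }
    if (!url.searchParams.get('redirect_uri')) {
      findings.push(`${app}: redirect_uri missing, user cannot be sent back`);
    }
  }
  if (hosts.size > 1) {
    findings.push('apps use different login hosts, so the session cookie is not shared');
  }
  return findings;
}

// Constructed sample: the second app still sends prompt=login.
const SAMPLE_URLS = [
  buildAuthorizeUrl({ clientId: 'sport-client-id', redirectUri: 'https://www.acme.sport/callback', state: 'constructed-state-1' }),
  buildAuthorizeUrl({ clientId: 'media-client-id', redirectUri: 'https://www.acme.media/callback', state: 'constructed-state-2', prompt: 'login' }),
];
console.log(checkSsoReadiness(SAMPLE_URLS));
```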