We run a web app with a sort of end-to-end cryptography system, where everything is encrypted with keys derived from the user password.
Recently a request for SSO implementation came. From this it seems that implementing SSO and also E2EE, without the need for a desktop or mobile app is possible, but that is the only mention I found.
Is there a way of getting some secret from Auth0 that is unique for each user, is secure to use for encryption of user data and does not change between sessions? Or is this just generally not a good idea at all?