What is the best UX to get ORG parameters into the access token in order to authenticate against APIs - React Native SDK
We are developing a platform that has cloud, APIs and mobile apps. We would like to authenticate users into the mobile app and let users log in to the ORGs they belong to in order to access specific features. For example, there will be different orgs, like a service org and a customer org, that need different features; this will be handled based on role, org and permissions.
The workflow typically looks like this for now: you need to perform Authorise without knowing the ORG ID, then you pass that access token to the APIs to get the list of orgs the user belongs to and pick one of the ORGs' ORG IDs (like the "external Auth0 ID"), and then call Authorise again to get a proper new access token with the ORG parameters (like the ORG UUID) in place, and then call your APIs.
I understand this => "That's correct: in order to include the org_id in a token, it will need to be included in the authorise call one way or another." But there is evidently a gap in the way ORG parameters will be received.
If you look at the typical workflow for my platform, you may need to call Authorise twice in order to properly authenticate against the APIs:
1. Get a token without ORGs by not passing an ORG ID, as at that time we never know the ORG ID.
2. Then pass the access token to get the list of ORGs for the given user.
3. Call Authorise again with the ORG ID parameter to get the proper access token which I can use to authenticate with the APIs.
The 3rd step here should be possible if we are able to get the access token silently, like with the Single Page SDK or the JS SDK. But with the React Native SDK, RefreshToken does not accept ORG; it is only the Authorise method, which you need to call twice. Even though it is a first-party application (same Auth0 domain), I am not able to get the access token silently in the background; rather the user has to give consent twice every time, which is a bad user experience.
PROMPT: NONE ==> never works in the Authorise call (to get the token silently).
The React Native Auth0 SDK should also expose a method similar to the JS SDK's or SPA SDK's, like getTokenSilently with the ORG ID as a parameter, other than the Authorise method. It would resolve most of the UX/CX issues.