Open IdoMor opened 4 months ago
What you are requesting sounds possible already by not setting the cookieDomain at all. Can you elaborate on what isn't working when you use that?
Our ideal solution would be that each opened application would have its own JWT value, meaning that we would be able to have multiple sessions simultaneously
This is already the case. Tokens are either put into memory (then each tab has its own memory cache), or into local storage (then each domain has its own cache).
First of all, thank you for the detailed (and fast) response. If tokens are stored in memory, what is the reason for having an organization_hint cookie? I think that setting cookieDomain to an empty value would not work for us, since our goal is to support 2 types of sessions:
Single session for multiple applications - Allow the user to only have a session in a single organization, across different tabs - Would not work if the cookieDomain value is set to an empty value
I do not think this is exactly true. Even though I can understand using cookieDomain can help here, this should still be possible without the cookieDomain, with a slightly decreased UX perhaps. I'd recommend giving it a try and evaluating if it fits your needs.
Having said that, I am not sure I understand what you are saying. Do you want "Multiple sessions at multiple applications" or "Single session for multiple applications"? You can't have both, so it's either one or the other, and you set the cookieDomain accordingly.
Also note, when using the auth0-spa-js SDK, there is no concept of an application session; we just use tokens and store them. It may feel as if there is a session, and I understand what you mean. But there is no true single/multiple sessions.
Let me get back to my original question: Can I use getAccessTokenSilently with an organization_hint that is different from the one that exists in the cookie? For example, the cookie organization_hint value is 'org_1' and getAccessTokenSilently is executed with {organization: org_2}. Will I get back a token, given that I have authenticated into org_2 before executing the getAccessTokenSilently call?
Note that the authenticated user does have access to both org_1 and org_2.
No, see https://github.com/auth0/auth0-spa-js/blob/main/EXAMPLES.md#switch-to-a-different-organization. If you want to switch organizations, you have to go through loginWithRedirect or loginWithPopup.
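Putting the maintainer's two points together (the in-memory cache is per tab; switching organizations needs a full login, not a silent call), here is an added example that is not code from auth0-spa-js or from either participant. It assumes the v2 method names createAuth0Client, getTokenSilently, loginWithRedirect and handleRedirectCallback, and it remembers each tab's organization in sessionStorage (scoped to the tab) rather than in the shared organization_hint cookie; the storage key and helper names are the example's own.

```javascript
// Added example: one organization per browser tab with auth0-spa-js (assumed v2 method names).
// Assumption: the tab's organization is kept in sessionStorage (scoped to the tab), not in the
// shared organization_hint cookie. ORG_KEY and the helper names below are this example's own.
const ORG_KEY = "tabOrganization";

// Pure decision step: which SDK call gets a token for `wantedOrg`. A silent call only works
// for the organization the tab already authenticated against; any other organization needs
// a full login flow (loginWithRedirect here; loginWithPopup would work the same way).
function planTokenRequest(currentOrg, wantedOrg, returnTo = "/") {
  if (!wantedOrg) throw new TypeError("wantedOrg is required");
  if (currentOrg === wantedOrg) {
    return { method: "getTokenSilently",
             options: { authorizationParams: { organization: wantedOrg } } };
  }
  return { method: "loginWithRedirect",
           options: { appState: { organization: wantedOrg, returnTo }, // survives the redirect
                      authorizationParams: { organization: wantedOrg } } };
}

// After handleRedirectCallback(): bind the organization from appState to this tab.
// Returns the organization the tab is now bound to (null if none yet).
function bindTabOrganization(storage, appState) {
  const org = appState && appState.organization;
  if (org) storage.setItem(ORG_KEY, org);
  return storage.getItem(ORG_KEY);
}

// Per-tab bootstrap: each tab builds its own client with an in-memory cache, so tokens are
// never shared across tabs, and starts from the organization this tab last logged in to.
// `createClient` is injected (createAuth0Client in the browser) so the logic is testable.
async function bootstrapTab({ createClient, storage, location, domain, clientId }) {
  const client = await createClient({
    domain, clientId, cacheLocation: "memory",
    authorizationParams: { organization: storage.getItem(ORG_KEY) || undefined },
  });
  if (location.search.includes("code=") && location.search.includes("state=")) {
    const { appState } = await client.handleRedirectCallback();
    bindTabOrganization(storage, appState);
    window.history.replaceState({}, "", (appState && appState.returnTo) || "/");
  }
  return client;
}

// Request a token for `wantedOrg` in this tab; on a redirect plan the page navigates away.
async function getTokenForOrganization(client, storage, wantedOrg, returnTo = "/") {
  const plan = planTokenRequest(storage.getItem(ORG_KEY), wantedOrg, returnTo);
  return client[plan.method](plan.options);
}
```

In the browser, call `bootstrapTab({ createClient: createAuth0Client, storage: window.sessionStorage, location: window.location, domain, clientId })` once per page load and then `getTokenForOrganization` before each API request.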
Checklist
Describe the problem you'd like to have solved
We have been using auth0 for a while now, and we have the following architecture
We would like to change this behavior, such that each open application would have "its own" organization_hint so that each application opened in each tab would be authenticated to a different organization
We are adding the JWT value to each request sent from each application as an HTTP header.
Is this scenario supported by auth0? If we pass the organization_hint to 'getAccessTokenSilently' in order to get the JWT value, will this work, even if there is a different value in the organization_hint cookie?
Describe the ideal solution
Our ideal solution would be that each opened application would have its own JWT value, meaning that we would be able to have multiple sessions simultaneously
Alternatives and current workarounds
none
Additional context
No response