auth0-samples/auth0-spring-boot-login-samples

SSO does not work

mkokho opened this issue · 1 comments

Hi there,

I want to log in automatically when my application session expires. However, I am presented with the Universal Login page when my application session expires. I expected to be silently authenticated by the Auth0 Server.

How to reproduce

  • create a new tenant
  • create a new Auth0 Application of type Regular Web in the tenant.
  • run the java sample from this repo. Configure it to use the Auth0 application and tenant created in the two previous steps.
  • log in with Google.
  • restart the java application to clear the application's session.
  • visit http://localhost:3000/profile

You will be redirected to Auth0's Universal Login page. Expected - Auth0 silently authenticates and redirects the browser to the /profile page.

This documentation describes that Auth0 authenticates a user when their Auth0 Server Session is active: https://auth0.com/docs/sessions-and-cookies

For others with the same question - Auth0's silent authentication requires the prompt=none parameter on the authorize URL, which is not contained in this (simple) sample. To accomplish that, you'd need to customize the authorize URL, which is demonstrated here, to add the prompt=none parameter. Note that if the user does not have an active session on the Auth0 tenant, an error will be returned, which would need to be handled (e.g., redirect them to the Universal Login page if they are required to log in). More info about silent authentication can be found here.
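
The approach from the comment above as an added example; it is not code from this repo or from Auth0. It assumes Spring Security 6 with `oauth2Login`, a client registration id of `auth0`, and a hypothetical `interactive` query marker that tells the resolver to skip prompt=none on the fallback attempt so a failed silent login cannot loop.

```java
// Added example, not the sample's own code. Assumes Spring Security 6 (jakarta.servlet).
import java.util.Set;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.*;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SilentAuthConfig {
    static final String BASE = "/oauth2/authorization";   // Spring Security default
    static final String REG_ID = "auth0";                 // assumed registration id
    // OIDC error codes meaning "prompt=none could not complete without the user"
    static final Set<String> NEEDS_USER =
        Set.of("login_required", "consent_required", "interaction_required");

    @Bean
    SecurityFilterChain chain(HttpSecurity http, ClientRegistrationRepository repo) throws Exception {
        var dflt = new DefaultOAuth2AuthorizationRequestResolver(repo, BASE);
        OAuth2AuthorizationRequestResolver silentFirst = new OAuth2AuthorizationRequestResolver() {
            public OAuth2AuthorizationRequest resolve(HttpServletRequest r) { return addPrompt(dflt.resolve(r), r); }
            public OAuth2AuthorizationRequest resolve(HttpServletRequest r, String id) { return addPrompt(dflt.resolve(r, id), r); }
        };
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(o -> o
                .authorizationEndpoint(e -> e.authorizationRequestResolver(silentFirst))
                .failureHandler((req, res, ex) -> {
                    String code = ex instanceof OAuth2AuthenticationException oae
                        ? oae.getError().getErrorCode() : "";
                    if (NEEDS_USER.contains(code)) {   // no usable Auth0 session: go to Universal Login
                        res.sendRedirect(req.getContextPath() + BASE + "/" + REG_ID + "?interactive");
                    } else {                           // state mismatch, token errors, etc. stay failures
                        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                    }
                }));
        return http.build();
    }

    // Silent attempt unless the (hypothetical) "interactive" marker is on the request.
    static OAuth2AuthorizationRequest addPrompt(OAuth2AuthorizationRequest ar, HttpServletRequest r) {
        if (ar == null || r.getParameter("interactive") != null) return ar;
        return OAuth2AuthorizationRequest.from(ar)     // keeps state and nonce, rebuilds the URI
            .additionalParameters(p -> p.put("prompt", "none")).build();
    }
}
```

Only the three "user interaction needed" codes trigger the fallback; every other callback error is still rejected, so a tampered or replayed callback does not get turned into a fresh login redirect.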