Your question
How can we log a user in on a second domain without asking him for his credentials again?
What are you trying to do
We are investigating using this lib to manage the authentication of users, and we wanted to know whether it can fit our requirement:
Auth0 provides silent authentication, which allows performing the OAuth2 code flow against Auth0: if the user has a session on Auth0, the flow resolves directly; otherwise the flow fails directly.
I couldn't find out whether it's possible to achieve something similar with next-auth. Maybe with callbacks, but it's not clear how to use them in this case.
Documentation feedback
I don't see anything in the documentation about multidomain.
This is a great feature of Auth0 but it is not currently supported as a built-in feature of NextAuth.js.
Often this feature is supported using Window PostMessage and an offscreen iFrame, which talks to the site at a configured URL and relies on correctly configured CORS headers.
I'm happy to accept a feature request for this!
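The iframe and postMessage approach described in the comment above, sketched from the parent page's side as an added example (not code from this thread, NextAuth.js or Auth0). The `/authorize` path, the message shape (`state`, `code`, `error`) and all origins and function names are assumptions for illustration; it shows the checks the receiving page should make before trusting a message.

```javascript
// Added example: parent-page side of an iframe-based silent authentication check.
// All names, URLs and the message shape are assumptions for illustration.

// Build the authorization URL loaded in the hidden iframe.
// prompt=none tells the provider to answer without showing any login UI.
function buildSilentAuthUrl({ issuer, clientId, redirectUri, state }) {
  const url = new URL('/authorize', issuer);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    prompt: 'none',
    state,
  }).toString();
  return url.toString();
}

// Decide what to do with a "message" event received by the parent window.
// Returns { status: 'ignored' | 'rejected' | 'no_session' | 'ok', ... }.
function evaluateAuthMessage(event, { trustedOrigin, iframeWindow, state }) {
  // 1. Exact origin match only; never '*' and never a substring/prefix check.
  if (event.origin !== trustedOrigin) return { status: 'ignored', reason: 'origin' };
  // 2. The message must come from the iframe we created, not another frame.
  if (event.source !== iframeWindow) return { status: 'ignored', reason: 'source' };
  const data = event.data;
  if (typeof data !== 'object' || data === null) return { status: 'ignored', reason: 'shape' };
  // 3. state binds the response to the request this page started.
  if (data.state !== state) return { status: 'rejected', reason: 'state' };
  // 4. No session at the provider: the flow fails directly, fall back to login.
  if (data.error) return { status: 'no_session', error: String(data.error) };
  if (typeof data.code !== 'string' || data.code === '') return { status: 'rejected', reason: 'code' };
  return { status: 'ok', code: data.code };
}

// Constructed sample run (no browser needed): fake window object and events.
const iframeWindow = {};
const cfg = { trustedOrigin: 'https://login.example.com', iframeWindow, state: 'st-123' };
const samples = [
  { origin: 'https://login.example.com', source: iframeWindow, data: { state: 'st-123', code: 'abc' } },
  { origin: 'https://login.example.com.evil.test', source: iframeWindow, data: { state: 'st-123', code: 'abc' } },
  { origin: 'https://login.example.com', source: iframeWindow, data: { state: 'st-123', error: 'login_required' } },
];
for (const s of samples) console.log(s.origin, '->', evaluateAuthMessage(s, cfg).status);
```

In a browser, `evaluateAuthMessage` would be called from a `window.addEventListener('message', ...)` handler, with a timeout that treats a missing reply as no session.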
Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. Thanks!
@gagalago Did you go forward with the iframe idea? How did you get it set up? I'm thinking of going down the same path.
@mikestopcontinues I didn't go forward, especially because silent authentication is deprecated because of new browser security measures: https://auth0.com/docs/authorization/configure-silent-authentication. So it's better to use refresh token rotation. In the end, I directly used the library from Auth0, https://github.com/auth0/auth0-spa-js (you can find specific packages based on this generic one for React, Angular...)
Thanks! I really appreciate the help!