Support for multi tab sessions #1272

Open
5 tasks done
IdoMor opened this issue May 23, 2024 · 5 comments
Labels
feature request A feature has been asked for or suggested by the community

Comments


IdoMor commented May 23, 2024

Checklist

Describe the problem you'd like to have solved

We have been using Auth0 for a while now, and we have the following architecture:

  1. Several front-end applications, each on a different domain: [email protected], [email protected], [email protected],
    We are using Auth0 cookies with the domain: 'domain.com' so that whenever the organization_hint cookie is changed (when we log into another organization), this affects ALL the open applications on all the tabs.

We would like to change this behavior, such that each open application would have "its own" organization_hint, so that each application opened in each tab would be authenticated to a different organization.

We are adding the JWT value to each request sent from each application as an HTTP header.

Is this scenario supported by Auth0?
If we pass the organization_hint to 'getAccessTokenSilently' in order to get the JWT value, will this work, even if there is a different value in the organization_hint cookie?

Describe the ideal solution

Our ideal solution would be that each opened application would have its own JWT value, meaning that we would be able to have multiple sessions simultaneously

Alternatives and current workarounds

none

Additional context

No response

IdoMor added the "feature request" label May 23, 2024
Member

frederikprijck commented May 24, 2024

What you are requesting sounds possible already by not setting the cookieDomain at all. Can you elaborate on what isn't working when you use that?

> Our ideal solution would be that each opened application would have its own JWT value, meaning that we would be able to have multiple sessions simultaneously

This is already the case. Tokens are either put into memory (then each tab has its own memory cache), or into local storage (then each domain has its own cache).

Author

IdoMor commented May 24, 2024

First of all, thank you for the detailed (and fast) response.
If tokens are stored in the memory, what is the reason for having an organization_hint cookie?
I think that setting cookieDomain to an empty value would not work for us, since our goal is to support 2 types of sessions:

  1. Multiple sessions at multiple applications (described above) - would be solved by setting the cookieDomain value to an empty value
  2. Single session for multiple applications - Allow the user to only have a session into a single organization, across different tabs - Would not work if setting the cookieDomain value to an empty value

Member

frederikprijck commented May 24, 2024

> Single session for multiple applications - Allow the user to only have a session into a single organization, across different tabs - Would not work if setting the cookieDomain value to an empty value

I do not think this is exactly true. Even though I can understand using cookieDomain can help here, this should still be possible without the cookieDomain, with a slightly decreased UX perhaps. I'd recommend giving it a try and evaluating if it fits your needs.

Having said that, I am not sure I understand what you are saying. Do you want "Multiple sessions at multiple applications" or "Single session for multiple applications"? You can't have both, so it's either one or the other and you set the cookieDomain accordingly.

Also note, when using the auth0-spa-js SDK, there is no concept of an application session, we just use tokens and store them. It may feel as if there is a session, and I understand what you mean. But there is no true single/multiple sessions.

Author

IdoMor commented May 24, 2024

Let me get back to my original question.
Can I use getAccessTokenSilently with an organization_hint that is different from the one that exists in the cookie?
For example, the cookie organization_hint value is 'org_1'
and getAccessTokenSilently is executed with {organization: org_2}.
Will I get back a token, given the fact that I have authenticated into org_2 before executing the call to getAccessTokenSilently?

Note that the authenticated user does have access to both org_1 and org_2.

Member

frederikprijck commented May 24, 2024

No, see https://github.com/auth0/auth0-spa-js/blob/main/EXAMPLES.md#switch-to-a-different-organization. If you want to switch organizations, you have to go through the loginWithRedirect or loginWithPopup.
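
Added example, not part of the thread and not Auth0's code: a per-tab guard that checks which organization a cached access token was issued for before it is attached as a header, and fails closed to a re-login (the loginWithRedirect / loginWithPopup step named in the last comment) when it does not match. It assumes the token carries Auth0's `org_id` claim; `orgOfToken`, `decideForTab` and `sampleToken` are hypothetical names, and the tokens are constructed and unsigned.

```javascript
// Decode a base64url JWT segment (atob in browsers, Buffer in Node).
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return typeof atob === 'function'
    ? atob(b64)
    : Buffer.from(b64, 'base64').toString('binary');
}

// org_id claim of a JWT, or null when the token is malformed or has none.
// No signature check here: the API receiving the token must verify it.
function orgOfToken(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    return claims && typeof claims.org_id === 'string' ? claims.org_id : null;
  } catch (e) {
    return null;
  }
}

// expectedOrg: the organization this tab was opened for (hypothetical
// app state, e.g. kept in sessionStorage, which is scoped to one tab).
function decideForTab(expectedOrg, jwt) {
  const actual = orgOfToken(jwt);
  if (actual !== null && actual === expectedOrg) {
    return { action: 'attach', headers: { Authorization: 'Bearer ' + jwt } };
  }
  // Fail closed: never send a token issued for a different organization.
  return { action: 'relogin', organization: expectedOrg, found: actual };
}

// Constructed, unsigned sample tokens (illustration only; uses Node's Buffer).
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'sig'].join('.');
}

const cached = sampleToken({ sub: 'user_1', org_id: 'org_1' });
console.log(decideForTab('org_1', cached).action);      // tab opened for org_1
console.log(decideForTab('org_2', cached).action);      // tab opened for org_2
console.log(decideForTab('org_2', 'not-a-jwt').action); // malformed token
```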
