Hello everyone,
I’m working on a project with two Single Page Applications (SPA) built in Angular that use different identity systems:
- The first application uses Auth0 for user authentication
- The second application uses Okta for identity management
I want to implement a seamless flow so that when a user is authenticated in the Auth0 application, they can be redirected to the Okta application without needing to reauthenticate.
Here’s the flow I’m aiming for:
- The user logs into the Auth0 app.
- When they switch to the Okta app, the Auth0 token is passed along.
- The Okta app verifies the Auth0 token. If the user already exists in Okta, an Okta token is issued to access the resources. If the user doesn’t exist, they are created in Okta, and the correct groups are assigned based on the claims in the Auth0 token.
My questions are:
- Which method would you recommend between:
  - SSO using OpenID Connect or SAML between Auth0 and Okta?
  - Token Exchange (RFC 8693) to exchange the Auth0 token for an Okta token?
- Are there any guides or resources you would recommend for implementing either of these methods?
I’m looking to set this up in a secure and user-friendly way, so any suggestions or experiences would be greatly appreciated.
Thank you in advance for your help!
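
The third step of the flow above (check the Auth0 token, then either issue a token for an existing user or create the user with groups derived from claims), sketched as an added example that is not part of the original post. It assumes a JWT library has already verified the token's signature against the Auth0 tenant's JWKS; the issuer, audience, claim name, group names and the `planProvisioning` helper are all hypothetical.

```javascript
// Added example: server-side checks on an Auth0-issued token's claims, run
// only AFTER a JWT library has verified its signature against the Auth0
// tenant's JWKS. Every value in TRUST is a constructed placeholder.
const TRUST = {
  issuer: 'https://tenant.example.auth0.com/', // hypothetical Auth0 issuer
  audience: 'https://okta-app.example/api',    // hypothetical audience for this app
  rolesClaim: 'https://example.com/roles',     // hypothetical custom claim name
  // Allowlist: only these roles map to Okta groups; anything else is dropped.
  groupMap: new Map([['admin', 'okta-admins'], ['viewer', 'okta-viewers']]),
  leewaySec: 60,                               // tolerated clock skew
};

// knownSubjects: Set of subjects already provisioned (stand-in for a directory lookup).
// Returns { ok: true, action, subject, groups } or { ok: false, reason }.
function planProvisioning(claims, knownSubjects, nowSec, trust = TRUST) {
  const fail = (reason) => ({ ok: false, reason });
  if (claims.iss !== trust.issuer) return fail('issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(trust.audience)) return fail('audience');
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp + trust.leewaySec) {
    return fail('expired');
  }
  if (typeof claims.nbf === 'number' && nowSec + trust.leewaySec < claims.nbf) {
    return fail('not-yet-valid');
  }
  if (typeof claims.sub !== 'string' || claims.sub === '') return fail('subject');

  // Deny by default: a role the map does not list grants no group.
  const roles = Array.isArray(claims[trust.rolesClaim]) ? claims[trust.rolesClaim] : [];
  const groups = [...new Set(roles.filter((r) => trust.groupMap.has(r))
    .map((r) => trust.groupMap.get(r)))];

  const action = knownSubjects.has(claims.sub) ? 'issue-token' : 'create-user';
  return { ok: true, action, subject: claims.sub, groups };
}

// Constructed sample claims (not from a real tenant).
const sample = {
  iss: 'https://tenant.example.auth0.com/', aud: ['https://okta-app.example/api'],
  sub: 'auth0|abc123', exp: 1700003600, nbf: 1700000000,
  'https://example.com/roles': ['viewer', 'superuser', '__proto__'],
};
console.log(planProvisioning(sample, new Set(), 1700000100));
```

The group allowlist is a `Map` rather than a plain object so that role strings such as `__proto__` or `constructor` cannot resolve to inherited properties.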