SSO auth flow for microsite embedded in native/web/salesforce apps
I have a small (React) microsite that I want to embed in multiple apps including:
- Public client apps such as:
  - iOS native app (Swift)
  - Android native app (Kotlin)
  - JavaScript SPA web app
- Salesforce (looking to use Salesforce 'Canvas', but don't know too much about this yet)
The native apps will either use WebView or in-app-browser-tab, while the web app & Salesforce (Canvas) will use iframes.
The microsite will call a back-end API layer where operations are protected by OAuth 2.0.
Customers using the public client apps (iOS/Android/web) authenticate to Auth0, while staff using Salesforce authenticate directly into Salesforce.
I know how to make the back-end API trust multiple IDPs/issuers i.e. Auth0 & Salesforce, but how do I implement a SSO flow to pass the authenticated user context (e.g. their access tokens) to the microsite from the public client apps & Salesforce?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
