The WeTransfer team recently finished a big migration with the goal of achieving Single Sign-On (SSO) across their 3 products.
This post goes into detail on why they chose Auth0, how the migration process went, the challenges they faced, and the things they learned along the way. Here’s an example of one of their learnings:
Think about account ownership between products. Is it possible for an attacker to take control of another account with the same email? How do you avoid that? We decided to ask for credentials or require a password reset in those scenarios where we couldn’t guarantee account ownership.