PHP

And how do you implement cross-domain authorization?

Good afternoon friends. An interesting task for me appeared, in which I have no experience yet. I want to say right away that the question does not carry a request to write code for me, but is purely debatable, so that you confirm my thoughts or correct errors in them.
Task:
There is an authorization server with user accounts stored on it, with access rights and much more. There are microservices in which authorization is needed to access the rights (actually, the rights for this microservice) and data. If we enter on one of the services, we must log in to each of the others (I will describe the nuance later). Likewise when exiting. (Physically, all microservices can be located on different servers, work on different versions of libraries, work with different databases (or not use it at all))
What are my thoughts:
Carry out authorization on the side of the authorization server (let it be like google - accounts.example.com), after the redirect we will return to the service we need. Attach an iframe to the html with an external link to check / renew the session (and if there is no session, then the js inside the iframe will send us to the authorization server).
The nuance of automatic authorization:
You must click on the button, the user will be transferred to the authorization server, and from there back.
I peeped all these things from google, because I still don’t know many things. For example:
- How to implement saving the session on the side of the microservice after a redirect so that the data is not compromised? (encrypt?)
- How to store the session on the microservice side? (I think the old fashioned way, in session)
I would be grateful for any theory. But let's remember that this is a discussion, no hate please)