How does Single Sign-on work?

J

jeruthadam2019-08-08 23:30:02

User identification

jeruthadam, 2019-08-08 23:30:02

How does authorization work between multiple sites? I asked a question recently, but it went in a different direction - they began to advise some solutions.
I'm literally interested in: how does site B know that I'm already registered on site A? After all, if I set a cookie on site A for the third domain, then this cookie is still not available if I load site B. Then how is the information transmitted?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ivan Shumov, 2019-08-08
@inoise

no way. sites are independent of each other and should not be aware of their existence at all. Users log in and register through a third-party service. That is, the scheme is as follows for simplicity:
1. a person went to the site, the site did not recognize him
2. the site redirected the person to another service (or issued a registration / login form)
3. the person registers and logs in on this resource
4. the site receives from this a resource protected token and checks it
5. the user logs in the user using the token
6. PROFIT
is actually the same scheme with another site, only if the user is already logged in, the token will be transferred immediately