Answer the question
In order to leave comments, you need to log in
How to do cross domain authorization in Flask?
Good afternoon, I needed to do a cross-domain registration authorization on the site, maybe someone knows how best to do this on Flask?
Answer the question
In order to leave comments, you need to log in
Flask has a Flask-Session extension that provides more advanced session functionality. If authorization on subdomains is made easier, since subdomains have access to the cookies of the parent domain and the session is easy to pick up.
But if the domains are different, then, for security reasons, cookies between them are not transmitted in any way during requests. Here they usually come out in such a way that somewhere there is a single entry page (in Habr, for example, this is id.tmtm.ru). Authorization links from all sites lead to it. After successful authentication on this page, you are redirected to the original page. In this case, a short-lived token is usually transferred, according to which the session is transferred to a third-party domain.
Sites then probably have access to a common database with sessions and users, so the token will identify the user, set their cookie and maintain the user's session. Additionally, they also embed a JS code that can check in the background whether there is a ready session on the authorization page. If it is, then we simply make a redirect and pass the token without an authorization request from the user.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question