How to use one JWT token for authentication on different sites?
There is an already working web application (SPA) where JWT is used for login. The server gives the token through cookies. There is a second application (on another domain). You need to make it so that you can go from the first to the second by a link and stay logged in. If both applications were in the same domain (third level), then cookies could be used, but this is not the case yet. I thought that I could do this:

1) Take the token from the cookie of the first application.
2) Make an Ajax request with this token through the API of the second application, check the token there, save it somewhere in the database, create a unique link and send it in response to the API request.
3) The first application opens the received link, the server of the second application exposes the link, finds the token in the database and sets the necessary cookies.

I'm wondering how suitable such a solution is. And are there other options? I know that they usually use a separate server for authentication, but in this case this option will be considered last.
The tags already contain the whole answer to the question. We take the Identity Server out separately and use it for user login. It can be anything: Keycloak, IS4, WSO2, Auth0, .... Depending on the task.

And the scheme is simple: the user enters the application (any of them). The application calls the IdentityServer with the words "Vasya, I don't know who this is! Please figure it out." And if the user is already logged in, or once he logs in, then the application logs him in and sets cookies.

This is how SSO works. Which OAuth / OIDC flow to use depends on the situation.
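Steps 2 and 3 of the handoff scheme from the question, as an added example that is not part of the question or the answer: the second application's API verifies the JWT, stores only the verified identity under an unguessable single-use id with a short lifetime, and redeems that id exactly once before setting its own cookie, so the JWT itself never appears in a URL. It assumes both applications share an HS256 secret and uses an in-memory dict in place of the database; `SECRET`, `HANDOFF_TTL`, and all function names are constructed for this example.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"shared-hs256-secret"   # constructed: key shared by both apps (assumption)
HANDOFF_TTL = 60                  # seconds a handoff link stays redeemable

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    # Minimal HS256 signer, present only so the example can build a token offline.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now: float):
    # Second app's API check: pin the algorithm, compare in constant time, honour exp.
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64url(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
    except ValueError:            # bad base64, bad JSON or wrong part count
        return None
    if claims.get("exp", 0) <= now or "sub" not in claims:
        return None
    return claims

def issue_handoff(token: str, store: dict, now: float):
    # Step 2: only a verified identity is stored, under a random one-time id.
    claims = verify_jwt(token, SECRET, now)
    if claims is None:
        return None
    handoff_id = secrets.token_urlsafe(32)
    store[handoff_id] = {"sub": claims["sub"], "exp": now + HANDOFF_TTL}
    return handoff_id

def redeem_handoff(handoff_id: str, store: dict, now: float):
    # Step 3: pop() makes the link single-use; unknown or expired ids fail closed.
    entry = store.pop(handoff_id, None)
    if entry is None or entry["exp"] <= now:
        return None
    return entry["sub"]   # the caller now sets its own session cookie for this subject
```

The `now` parameter stands in for `time.time()` so the expiry paths can be exercised deterministically.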