Is my implementation of user authentication between two sites correct?
Hi all! I have two sites in php.
It is necessary to implement the following:
- If the user logs in on the first site and goes to another one, then automatic authorization also takes place there.
Password encryption is different.
User logins are the same on both sites.
My solution to the problem:
- Site 1, where the user currently is, makes a POST request to site 2 with the user's login and a token (a string hard-coded on both sites). If this data matches and the request comes from the expected domain, site 2 returns the user's password to site 1 in encrypted form.
- The user sees a link; clicking it takes them to site 2 with the following parameters: the token, the user's login and the encrypted password returned from site 1.
- After the redirect, site 2 decrypts the received password using its own methods and its own security keys, and if it matches, the user is logged in automatically.
I'm wondering if it's safe?
If not, what would you suggest changing?
There is no need to offer complex solutions, since sites and services are complex - everything must be implemented very simply.
Thanks a lot!
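As an added example (not part of the original question), the redirect step above can carry a short-lived, single-use, HMAC-signed handoff token instead of the user's encrypted password, which removes the need for site 1 to fetch the password from site 2 at all. It assumes a shared secret `SSO_SECRET` configured on both sites and a small store of used nonces on site 2 (here a plain array, constructed for illustration).

```php
<?php
// Added example: signed, expiring, one-time SSO handoff between two PHP sites.
// Assumption: SSO_SECRET is a long random value configured on both sites (placeholder here).
const SSO_SECRET = 'replace-with-a-long-random-secret-shared-by-both-sites';
const SSO_TTL    = 60; // seconds a handoff token stays valid

// Site 1: build the token that goes into the link the logged-in user clicks.
function sso_issue(string $login, string $secret = SSO_SECRET, ?int $now = null): string {
    $payload = [
        'login' => $login,
        'exp'   => ($now ?? time()) + SSO_TTL,
        'nonce' => bin2hex(random_bytes(16)),  // random nonce makes the token single-use
        'aud'   => 'site2',                     // token is only valid for site 2
    ];
    $body = rtrim(strtr(base64_encode(json_encode($payload)), '+/', '-_'), '=');
    $sig  = hash_hmac('sha256', $body, $secret);
    return $body . '.' . $sig;
}

// Site 2: verify the token from the query string; returns the login or null on any failure.
function sso_verify(string $token, array &$usedNonces, string $secret = SSO_SECRET, ?int $now = null): ?string {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    // Constant-time comparison so the signature check does not leak timing information.
    if (!hash_equals(hash_hmac('sha256', $body, $secret), $sig)) return null;
    $payload = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($payload) || ($payload['aud'] ?? '') !== 'site2') return null;
    if (($payload['exp'] ?? 0) < ($now ?? time())) return null;   // expired
    if (isset($usedNonces[$payload['nonce'] ?? ''])) return null; // replayed
    $usedNonces[$payload['nonce']] = true;                        // mark as consumed
    return $payload['login'];
}

// Site 1 usage:  header('Location: https://site2.example/sso?t=' . urlencode(sso_issue($login)));
// Site 2 usage:  $login = sso_verify($_GET['t'] ?? '', $usedNonces);
//                if ($login !== null) { session_regenerate_id(true); $_SESSION['user'] = $login; }
```

The nonce store must be shared across site 2's PHP workers (a database table or cache) for the replay check to hold in production; the in-memory array only serves the example.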