Reputation: 1
I have a WPF application that uses Azure AD with OpenID to authenticate users. The WPF application then uses the refresh_token to renew the access_token and uses that access_token to call our protected API.
I now want to create a SPA. Is it possible to get SSO working between these two applications, so that if the user is signed in on the WPF application they will automatically be signed in on the SPA application as well, without the need to re-enter any credentials?
Upvotes: 0
Views: 807
Reputation: 29243
The answer depends a little on how you have implemented things. In both cases the 2 apps will each do a redirect to sign the user in, and you need 2 different OAuth client registrations, as agua from mars says ...
OPTION 1 (PREFERRED) - DESKTOP APP USES SYSTEM BROWSER
This will enable SSO to work due to a shared Identity Provider cookie. Also, password autofill for one app will also work for the other app, so that re-logging in is not too painful. However, the Login UX is a little strange, since the user has to switch to the browser to sign in.
OPTION 2 - DESKTOP APP USES WEB VIEW
This is easier to code but can be more problematic in Login UX terms, since the web view acts as a private browser session, which may require the user to sign in again. Also password autofill may work less well.
ONLINE DEMO
To see both cases working together you could run both samples from my Online Quick Start Page. You can run the SPA from an online URL, but the desktop app is NodeJS based and needs to be run from your PC.
You will see that after logging into one of them, there is a redirect when starting the other, but authentication will be automatic.
Upvotes: 1
Reputation: 17424
Absolutely, it will work, you just have to configure 2 applications. Actually it's what OAuth is used for.
Upvotes: 1