Reputation: 33
Sharing oauth token across subdomains for authentication
I am trying to create a web portal which consists a list of links to multiple other applications hosted in subdomains of portal. Portal and individual applications use same third party oauth2 provider with same public key.
What should be the preferred approch to facilitate seamless navigation for user without asking for a login for each application? If user is logged in to portal then he should be able to open any application links without any re-login.
Only way i can think of is when login happens in portal, token should be saved in a cookie at root domain. This will make this cookie shared across all applications as they all are hosted in subdomains of portal.
Is there any other way to achive seamless navigation across all applications? What is the industry standard to achive this behaviour?
Appreciate any suggestions from your side.
Upvotes: 0
Views: 41
Answers (0)
Related Questions
- How to validate an OAuth 2.0 access token for a resource server?
- What are the main differences between JWT and OAuth authentication?
- How does OAuth 2 protect against things like replay attacks using the Security Token?
- Securing my REST API with OAuth while still allowing authentication via third party OAuth providers (using DotNetOpenAuth)
- Creating an API for mobile applications - Authentication and Authorization
- SSO with CAS or OAuth?
- PHP Session Across Subdomains
- Sharing session across rails apps on different subdomains
- Joomla persistent user sessions across fake subdomains and primary domain