3

Say I run example.com and 3rd-party.com is a trusted partner. Sometimes I want to send my users to 3rd-party.com while letting this website know who the user is (by providing the user's Id), in a way that would not require any user action. Is there any way to do this with an (open) standard (e.g., OAuth, OpenID)?

Having spent hours investigating different options, I can tell that many are doing similar things, but not exactly what I want to accomplish here:

  • Skip any user prompt. Authentication on the 3rd party app should be seamless.
  • The user journey begins on example.com, not 3rd-party.com.
  • I need to embed the 3rd party web application in an iframe.
  • I also need to redirect the user to the 3rd party application.

Please note that I'm looking for options that would rely fully on standards, preferably open ones. I already have a couple of custom-built solutions in case there's no way to do this with a standard technology.

Gus
  • 1,132
  • 13
  • 21
  • could you please clarify the last two bullet? Do these two need to happen in different scenarios for your use case? In the latter case, I assume it would be acceptable for 3rd-party.com to be the URL? – Euan Oct 02 '14 at 07:58
  • Yes, they are different cases. And yes, in the second case, after authentication, the URL in the browser's address bar should belong to 3rd-party.com. Thanks! – Gus Oct 02 '14 at 11:25

0 Answers0