I have a separate authentication app and multiple SPA apps hosted on subdomains, and I want to share the JWT (which is generated when the user logs in from the authentication app) from the authentication app with the other apps hosted under the subdomains. How can I do that? (E.g. xyz.com is the main domain and x1.xyz.com, x2.xyz.com are the subdomains.)
1 Answer
16
Basically you need a Single Sign-On system. Before selecting a protocol or framework (or not), consider what kind of flow you need:
Option 1, redirections (e.g. OpenID or SAML): After login in the main domain, redirect the user to the subdomain, sending the JWT. Attach the token when jumping from one subdomain to another. Enable a classic session-based SSO in the main domain to redirect the user when they access a subdomain directly without a token.
Option 2, shared token across domains (e.g. Google webs): Authenticate in the main domain and store the JWT in a cookie / localStorage of the main domain, which is connected from the SPA in the subdomain using an iframe. See the full answer here: https://stackoverflow.com/a/40555970/6371459
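Option 2 above, as an added example that is not part of the original answer: both ends of the iframe exchange, with the origin checks that keep the token from reaching or coming from an unexpected page. It assumes `postMessage` as the channel, the JWT stored under the localStorage key `jwt` on the main domain, and the hypothetical names `/token-bridge.html`, `jwt-request`, `jwt-response` and `jwt-ready`.

```javascript
// Added example; origins follow the question's xyz.com naming, the rest is assumed.
const AUTH_ORIGIN = 'https://xyz.com';
const ALLOWED_SPA_ORIGINS = new Set(['https://x1.xyz.com', 'https://x2.xyz.com']);
const BRIDGE_URL = AUTH_ORIGIN + '/token-bridge.html'; // hypothetical page that loads this script

// Iframe side (main domain): decide whether and where to answer a request.
// Returns { targetOrigin, message } or null when the sender must be ignored.
function handleTokenRequest(event, storage) {
  // Exact-match allowlist: suffix or regex checks would accept look-alike origins.
  if (!ALLOWED_SPA_ORIGINS.has(event.origin)) return null;
  if (!event.data || event.data.type !== 'jwt-request') return null;
  return {
    targetOrigin: event.origin, // never '*', so only the vetted origin can read the reply
    message: { type: 'jwt-response', token: storage.getItem('jwt') },
  };
}

// SPA side (subdomain): accept a token only from the auth origin.
function acceptTokenReply(event) {
  if (event.origin !== AUTH_ORIGIN) return null;
  const data = event.data;
  if (!data || data.type !== 'jwt-response' || typeof data.token !== 'string') return null;
  return data.token;
}

// Browser wiring; skipped outside a browser.
if (typeof window !== 'undefined' && window.location.origin === AUTH_ORIGIN) {
  window.addEventListener('message', (event) => {
    const reply = handleTokenRequest(event, window.localStorage);
    if (reply) event.source.postMessage(reply.message, reply.targetOrigin);
  });
} else if (typeof window !== 'undefined') {
  const frame = document.createElement('iframe');
  frame.hidden = true;
  frame.src = BRIDGE_URL;
  window.addEventListener('message', (event) => {
    if (event.source !== frame.contentWindow) return; // only our own bridge frame
    const token = acceptTokenReply(event);
    if (token) window.dispatchEvent(new CustomEvent('jwt-ready', { detail: token }));
  });
  frame.addEventListener('load', () => {
    frame.contentWindow.postMessage({ type: 'jwt-request' }, AUTH_ORIGIN);
  });
  document.body.appendChild(frame);
}
```

A reply with a `null` token (user not logged in on the main domain) is rejected by `acceptTokenReply`, so the SPA can fall back to redirecting to the authentication app.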