
I have implemented SSO that works without BE changes, which uses query parameters to pass the JWT token to another subdomain. For example:

  • Auth App
  • App 1
  • App 2

When we access "App 1", it redirects you to the Auth App for sign-in. After the sign-in succeeds, it redirects you back to "App 1" with ?token=, and App 1 saves it in local storage. Then, if you access "App 2", it redirects you to the "Auth App" to get your previous JWT and redirects back to "App 2" with ?token=, which does the same as "App 1". I know it's ugly, but it works perfectly in this scenario.

This way we don't need to sign in everywhere.

For this workaround, I used ReactJS as the frontend and Cognito for authentication, using Amplify to work with it.

My question is: is there any better solution to implement this? Because if we log out on App 1, it won't log out of any other apps we have; the token will still be available.

Sorry for my English, I hope you all understand my approach.

acul
  • Or do we need to store our token in a DB, like Laravel Sanctum does? The problem will be: how does our backend know which token was requested by which user? Using IP? Or any better solution? – acul Dec 28 '21 at 06:46
  • Were you able to figure this out? I'm also doing something similar! – Nivethan Oct 14 '22 at 12:29
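
Added example, not part of the original question or its comments: one way the receiving app ("App 1" or "App 2") can handle the `?token=` redirect described above, rejecting malformed or expired tokens and removing the token from the URL so it does not stay in browser history or leak through the Referer header. The function names, the `sso_token` storage key and the injected `win` object are assumptions for illustration; the payload is decoded without signature verification, which remains the backend's job.

```javascript
// Decode the JWT payload WITHOUT verifying the signature.
// This is only a client-side sanity check; the backend must still verify the token.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(padded));
  } catch (e) {
    return null; // not base64url or not JSON
  }
}

// Pull the token out of the callback URL and return the URL without it.
// cleanUrl is always returned, so the caller can scrub the address bar
// even when the token is rejected.
function consumeTokenFromUrl(href, nowSeconds) {
  const url = new URL(href);
  const token = url.searchParams.get("token");
  url.searchParams.delete("token");
  const cleanUrl = url.toString();
  if (!token) return { token: null, cleanUrl, reason: "missing" };
  const claims = decodeJwtPayload(token);
  if (!claims || typeof claims !== "object") {
    return { token: null, cleanUrl, reason: "malformed" };
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { token: null, cleanUrl, reason: "expired" };
  }
  return { token, cleanUrl, reason: "ok" };
}

// Browser wiring: call once on page load, passing `window`.
function handleSsoCallback(win) {
  const now = Math.floor(Date.now() / 1000);
  const result = consumeTokenFromUrl(win.location.href, now);
  // Replace the current history entry so ?token= is not kept or bookmarked.
  win.history.replaceState(null, "", result.cleanUrl);
  if (result.token) win.localStorage.setItem("sso_token", result.token);
  return result;
}
```
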

0 Answers