I have several Angular web app hosted on app.example.com, app2.example.com, app3.example.com and so on. The login process happens into a dedicated component of the app.
However when an user registers, the process is hosted into an iframe. The iframe is sourced from a different subdomain (reg.example.com) or domain (reg.another.com) depending on the market. On registration success the credentials will let the user login only for the hosting app he is currently registering from (say app.example.com).
There is communication between the two apps, so i can detect from the hosting app, when the registration app into the iframe is loaded or when the registration is completed (either success or fail).
Here comes the issue, having such approach when an user completes the registration the Browser asks to save credentials which is fine, although the browser stores the Credentials for the iframe domain (reg.example.com or reg.another.com).
So when the player try to login I have 2 issues (assuming the user has saved the credentialson registration):
The Credentials have been saved for the same domain (reg.example.com): When the user tries to log in, will have those credentials suggested for any of the apps however the credentials will success only on the app he registered from (app.example.com). And the browser is not helping in chosing the right credentials,that is because it will shows the reg.example.com domain in small under the suggestion.
The Credentials have been saved for a different domain (reg.another.com): When the user tries to log in, no suggestions will be prompted as the credentials have been saved for a different domain.
I can fix this on compatible browsers by triggering the Credentials Management API **store() **method from the hosting app on registration successful, although Firefox and Safari do not support the Password Credentials object.
The login process is fine and the browser will store the credentials for the corrent domain and subdomain, that is because the login happens on the current app the user is on (app.example.com or app2.example.com etc.)
How can i fix this issue?
As described above. Credentials Management API, but not working with all the browsers.
I tried to create an hidden form and submit it when the registration is completed but the Password Manager is not listening. Because that we autologin the user when the registration is completed I have also attached the login request on that form. But not working.
