We have a SaaS product that is branded for each of our clients along with their own domain. We're in the design phase of building an API that would allow third parties to create widgets or completely different websites for our clients. One of the first and hardest challenges is getting authentication right.

I'm not fully versed in how the Stack Exchange sites handle it but at first glance it seems like a similar scenario. Each site has their own accounts and authentication yet somehow they're linked together. When I log in to stackoverflow.com and then visit serverfault.com it automatically logs me in. Does anyone have any specifics on how they've implemented this?

A couple of things we're considering:

  • Do we make each account a "Stack Exchange" level account and then authorize each tenant and each application?
  • Do we let each tenant be their own OAuth provider and then just have the user authorize each application?
  • How could we handle auto-login like Stack Exchange does?

Again, we're still early in the process and want to get it right out of the gates. Any suggestions and best practices would be appreciated.

Micah
  • "yet somehow they're linked together" Stack Exchange is an OpenID consumer; your example seems out of place. Have you researched "OAuth and OpenID" and "OAuth vs OpenID" issues? I just made a quick test: I removed SO and SX cookies and tried to log in. SO set a "gauthed" cookie. I visited Ask Ubuntu, which set another cookie. No SX cookies in sight. I guess the auto-login comes from Google (I assigned Google as my ID provider to each SX site I visit). – Jesvin Jose Oct 28 '11 at 09:44
  • What did you decide on? I'm facing a similar situation right now. We want to syndicate our apps to third-party sites, but want to hook into their registration (use them as an identity provider). – HaxElit Mar 16 '12 at 16:15

1 Answer

Though your question is quite old, it is still without an answer.

Here's information on how StackExchange multi-site authentication works (technical mostly):

And here's a blog post announcing it:

I hope you find your answers. If you have already resolved your issue, please share your approach with us.

Community
mcmlxxxiii