
How to share JWT token among multiple subdomains?

Tags: jwt, jhipster

I have a separate authentication app and multiple SPA apps hosted on subdomains, and I want to share the JWT token (which is generated when the user logs in from the authentication app) from the authentication app with the other apps hosted under subdomains. How can I do that? (e.g. xyz.com is the main domain and x1.xyz.com, x2.xyz.com are the subdomains)

asked Jan 12 '17 10:01

Karunaker Reddy V




1 Answer

Basically you need a Single Sign-On system. Before selecting a protocol or framework (or not), consider what kind of flow you need:

  • Option 1, redirections (e.g. OpenID or SAML): After login in the main domain, redirect the user to the subdomain, sending the JWT. Attach the token when jumping from one subdomain to another. Enable a classic SSO based on sessions in the main domain to redirect the user when they access a subdomain directly without a token.

  • Option 2, shared token across domains (e.g. Google webs): Authenticate in the main domain and store the JWT in a cookie / localStorage of the main domain, which is connected from the SPA in the subdomain using an iframe. See full answer here: https://stackoverflow.com/a/40555970/6371459

answered Sep 20 '22 19:09

pedrofb
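
One way the Option 2 iframe could hand the token to a subdomain SPA, as an added example that is not part of the original answer. It assumes the SPA and the iframe communicate over `window.postMessage`; the origin allowlist, the message type names and the `jwt` storage key are hypothetical.

```javascript
// Script for the hidden iframe page served from the main domain (xyz.com in the
// question). Subdomain SPAs embed it and ask for the token via postMessage.

// Constructed allowlist: the two subdomains named in the question.
const ALLOWED_ORIGINS = new Set(["https://x1.xyz.com", "https://x2.xyz.com"]);
const TOKEN_KEY = "jwt"; // hypothetical localStorage key used by the auth app

function isAllowedOrigin(origin) {
  // Exact match on the full origin string. No suffix or regex matching, so
  // "https://x1.xyz.com.evil.example", "http://x1.xyz.com" and the opaque
  // origin "null" (sandboxed frames, file://) are all rejected.
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Decide what to send back for one incoming message event.
// Returns null when the sender must not receive the token.
function buildReply(event, storage) {
  if (!isAllowedOrigin(event.origin)) return null;
  const msg = event.data;
  if (!msg || msg.type !== "token-request") return null;
  const token = storage.getItem(TOKEN_KEY);
  return {
    // Reply only to the verified origin, never "*", so the token is not
    // delivered if the parent window has navigated elsewhere in the meantime.
    targetOrigin: event.origin,
    message: { type: "token-response", token: token ?? null },
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const reply = buildReply(event, window.localStorage);
    if (reply) event.source.postMessage(reply.message, reply.targetOrigin);
  });
}
```

The SPA side should apply the same rule in reverse: accept a `token-response` only when `event.origin` is the main domain's origin. The page serving this script also needs a `frame-ancestors` policy that lists the same subdomains.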