Menu
I Have separate Authentication app and multiple spa apps hosted on subdomains and I want to share the JWT token generated (which is generated when the user logs in from authentication app) from Authentication app to other apps hosted under subdomains. How can I do that? ex: xyz.com is the main domain and x1.xyz.com, x2.xyz.com are the subdomains)
238
If you're new to JWTs, here's a quick wrap-up. A JSON Web Token (JWT, pronounced "jot") is a compact and url-safe way of passing a JSON message between two parties.
You create subdomains to help organize and navigate to different sections of your main website. Within your main domain, you can have as many subdomains as necessary to get to all of the different pages of your website.
JWT tokens provide secure access to an authenticated user, and attackers are always looking for ways to steal these tokens and quickly gain access by impersonating a consumer.
Basically you need a SingleSignOn system. Before selecting a protocol or framework (or not) consider what kind of flow you need:
Option 1 redirections: (e.g openid or saml)After login in the main domain, redirect user to subdomain sending the JWT. Attach the token when jumping from a subdomain to other. Enable a classic SSO based on sessions in the main domain to redirect user when access directly to a subdomain without token.
Option 2 shared token across domain: (e.g google webs) Authenticate in the main domain and store the JWT in a cookie / localStorage of the main domain which is connected from the SPA in subdomain using an iframe See full answer here: https://stackoverflow.com/a/40555970/6371459
153
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
