JWT token for cross domain authentication

I'm trying to create a simple SSO system in PHP for two domains which are thematically connected.

So I was wondering if it is possible to store a signed JWT token containing the user's username from domain A in local storage, and then to verify the JWT using the same secret key from domain B, which would lead to a successful authentication.

I've searched Google for some answers and I found some of them containing a middle authentication domain, which would take care of authentication. But I would like just to link the two domains I have.

Thanks.

Ales asked Feb 14 '17 15:02



1 Answer

Cross-origin data storage access from domain B to domain A is not allowed by same-origin policy

Access to data stored in the browser, such as localStorage and IndexedDB, is separated by origin. Each origin gets its own separate storage, and JavaScript in one origin cannot read from or write to the storage belonging to another origin.

The usual solution is to have a central domain for authentication (could be A or B) and work with redirections among domains sending the JWT, or share the authentication token across domains using an iframe. See details here

The OpenID, OAuth and SAML protocols work with redirections, and for example the Google web suite has its apps connected through iframes (additionally, Google is an OpenID Connect provider).

pedrofb answered Sep 20 '22 15:09
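The redirect-based variant of the answer, written out as an added example (not code from the question or the answer): domain A mints a short-lived HS256 JWT after its own login and redirects the browser to domain B with the token in the query string; B verifies the signature with the shared secret, pins the algorithm, checks issuer, audience and expiry, and only then starts its own local session. The domain names `a.example` and `b.example`, the secret, the `/sso` path and the user `alice` are constructed placeholders, and no JWT library is used so every check is visible.

```php
<?php
// Added example: two-domain SSO hand-off with a shared-secret HS256 JWT.
// SHARED_SECRET, ISSUER, AUDIENCE and the /sso path are assumptions for illustration.
declare(strict_types=1);

const SHARED_SECRET = 'replace-with-a-long-random-secret'; // same value deployed on A and B
const ISSUER        = 'https://a.example';                  // domain A, the login domain
const AUDIENCE      = 'https://b.example';                  // domain B, the relying domain
const TOKEN_TTL     = 60;                                   // seconds; short because the token travels in a URL

function b64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad > 0) {
        $data .= str_repeat('=', 4 - $pad);
    }
    $out = base64_decode(strtr($data, '-_', '+/'), true);
    if ($out === false) {
        throw new InvalidArgumentException('invalid base64url');
    }
    return $out;
}

/** Domain A: mint a token naming the user and the one domain allowed to accept it. */
function mint_sso_token(string $username, int $now): string
{
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode([
        'iss' => ISSUER,
        'aud' => AUDIENCE,
        'sub' => $username,
        'iat' => $now,
        'exp' => $now + TOKEN_TTL,
        'jti' => bin2hex(random_bytes(8)), // lets B reject a replayed token if it records seen ids
    ]));
    $sig = b64url_encode(hash_hmac('sha256', "$header.$payload", SHARED_SECRET, true));
    return "$header.$payload.$sig";
}

/** Domain A: the Location header it sends after a successful local login. */
function sso_redirect_url(string $token): string
{
    return AUDIENCE . '/sso?token=' . rawurlencode($token);
}

/** Domain B: returns the username if every check passes, throws otherwise. */
function verify_sso_token(string $token, int $now): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;

    // Pin the algorithm; never let the token header choose it.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected alg');
    }

    // Check the signature before looking at any claim, with a constant-time compare.
    $expected = b64url_encode(hash_hmac('sha256', "$h.$p", SHARED_SECRET, true));
    if (!hash_equals($expected, $s)) {
        throw new RuntimeException('bad signature');
    }

    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims)) {
        throw new RuntimeException('bad payload');
    }
    if (($claims['iss'] ?? null) !== ISSUER || ($claims['aud'] ?? null) !== AUDIENCE) {
        throw new RuntimeException('wrong issuer or audience');
    }
    if (!isset($claims['exp']) || $now >= $claims['exp']) {
        throw new RuntimeException('token expired');
    }
    if (!isset($claims['sub']) || !is_string($claims['sub'])) {
        throw new RuntimeException('missing subject');
    }
    return $claims['sub'];
}

// Walk the exchange through in one process.
$now   = time();
$token = mint_sso_token('alice', $now);                  // on A, after its local login succeeds
$url   = sso_redirect_url($token);                       // A sends header('Location: ' . $url)
parse_str((string) parse_url($url, PHP_URL_QUERY), $q);  // what B reads from $_GET
echo 'B accepts user: ', verify_sso_token($q['token'], $now), PHP_EOL;

// A token whose payload was edited but whose signature was kept must be rejected by B.
[$h, , $s] = explode('.', $token);
$forgedPayload = ['iss' => ISSUER, 'aud' => AUDIENCE, 'sub' => 'admin', 'exp' => $now + TOKEN_TTL];
$forged = $h . '.' . b64url_encode(json_encode($forgedPayload)) . '.' . $s;
try {
    verify_sso_token($forged, $now);
} catch (RuntimeException $e) {
    echo 'B rejects forged token: ', $e->getMessage(), PHP_EOL;
}
```

Run it with `php sso_handoff.php`; it prints the accepted user, then the rejection of the edited token. The points a practitioner should carry over to the real deployment: the JWT only bridges the redirect and is discarded once B has issued its own session cookie, so it never needs to sit in localStorage on either domain; the TTL is seconds rather than hours because a token in a URL ends up in browser history and server logs; and the `aud` check is what stops a token minted for B from being replayed against some third domain that happens to share the secret.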