Single Sign On for project with separate backend and frontend application

Question

My web project is developed as two applications: i) Backend application in Node.js ii) Frontend application in Angular.js

Is it possible two implement Single Sign On in the project or there would be need to combine both backend and frontend as single application.

As far as I know if there would be two separate applications then they have separate user sessions and state. So in my scenario, login at frontend may not be linked with backend using single sign on.

Answer 1

The openid Connect works very well in your scenario. The front end Angular application initiates SSO with openid connect server, and receives both id_token and access_token. The angular front end application uses id_token as authentication token. Once user is authorized to access front end application, Angular application asserts access_token in Authorization header to invoke back end Node.js application. If access_token is JWT, Node.js can locally verify the access_token. If access_token is opaque token, usually Node.js will call remote token introspection API in openid conenct provider to verify the access_token. In summary, the front end angualr is a typical openid connect flow, and backend Node.js is OAuth resource service.