Sharing token among multiple websites to prevent logins in each websites
Question
Let us consider I have 2 websites A & B. Now I have logged into A using my credentials & a token has been generated. I have stored the token & Client IP along with the token's expiry into the DB. Now there is a button inside A which will redirect me to B. I want B to be authenticated with the same token so that I don't have to manually log into B.
Also I cannot skip the login page of B every time as one might directly log into B (without A) at that time login is required .
So how can I get the token once B is launched only via A.
1 answers
solution1
0 ACCPTED 2019-12-10 19:07:57
It sounds like you are trying to implement SSO (Single Sign-On) flow. Let's say we have two sites "site-a.com" and "site-b.com". There multiple ways we could go about building SSO, the easiest would be to have a shared "gateway point" (let's call it "sso-site.com") that implements the following flow:
- The user comes to site A
- They get redirected to the SSO gateway
- SSO gateway checks for the token. If found, it redirects the user back to the site A. If the user needs to login, they are redirected to the login page and then back to the site A.
- Any link to site B will put the user through the same "gateway" (same authentication flow as above)
There are multiple ways the gateway could control the flow between sites, it all depends on the business logic you are building. The key part here is that the site navigation is forced through a central gateway that makes sure that the users who should log in are logged in and do so only once.
Hope that helps!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.