Let us consider that I have 2 websites, A & B. Now I have logged into A using my credentials and a token has been generated. I have stored the token and client IP along with the token's expiry in the DB. Now there is a button inside A which will redirect me to B. I want B to be authenticated with the same token so that I don't have to manually log into B.
Also, I cannot skip the login page of B every time, as one might log into B directly (without A); at that time login is required.
So how can I get the token once B is launched only via A?
It sounds like you are trying to implement an SSO (Single Sign-On) flow. Let's say we have two sites, "site-a.com" and "site-b.com". There are multiple ways we could go about building SSO; the easiest would be to have a shared "gateway point" (let's call it "sso-site.com") that implements the following flow:
There are multiple ways the gateway could control the flow between sites; it all depends on the business logic you are building. The key part here is that the site navigation is forced through a central gateway that makes sure that the users who should log in are logged in and do so only once.
Hope that helps!
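One way a gateway such as "sso-site.com" could hand a logged-in user from A to B, as an added example that is not part of the original answer: instead of passing A's session token in the redirect URL, the gateway issues a short-lived, single-use, signed ticket that B redeems, and B falls back to its own login page when no valid ticket arrives. The names `GATEWAY_KEY`, `issue_ticket` and `redeem_ticket`, the ticket format and the 30-second lifetime are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: a key shared only between the gateway and site B's backend.
GATEWAY_KEY = secrets.token_bytes(32)
TICKET_TTL = 30          # seconds; the ticket only has to survive one redirect
_redeemed = set()        # stand-in for a shared store of already-used ticket ids


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_ticket(user_id, audience, now=None):
    """Gateway side: called only for a user whose gateway session is valid."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": audience,
              "exp": now + TICKET_TTL, "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def redeem_ticket(ticket, audience, now=None):
    """Site B side: returns the user id, or None so B shows its login page."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
        expected = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None              # forged or altered ticket
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None                  # malformed ticket
    if claims.get("aud") != audience or now > claims.get("exp", 0):
        return None                  # minted for another site, or expired
    if claims["jti"] in _redeemed:   # the redirect URL was replayed
        return None
    _redeemed.add(claims["jti"])
    return claims["sub"]
```

On a successful redemption B creates its own session for the returned user; the long-lived token stored by A never appears in a URL, browser history or a referrer header.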