I'm looking for a way to securely share a token between one webapp and the front-end of a second webapp.
Environment details:
Notes:
I did some research, and found some options:
The question is: Is there a best practice or another way to share sensitive data (a token) between a webapp and a front-end located on another domain/app?
I think there is not a fully secure way to do it, because you want to handle the sharing on the client side and that will always be exposed. However, you can take a different approach, such as sharing a request token via a GET param to the second webapp and, there, calling a validation API that validates the origin of the request (it should be restricted to the second webapp's domain) and also validates the passed token, and then returns the actual session token.
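The exchange described in the answer above, sketched as an added example (not code from the question or the answer). `ExchangeStore`, `ALLOWED_ORIGIN`, the `app2.example` origin and the 30-second lifetime are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

# Assumptions for this sketch: the second webapp's origin and the token lifetime.
ALLOWED_ORIGIN = "https://app2.example"
REQUEST_TOKEN_TTL = 30  # seconds


class ExchangeStore:
    """First webapp's side of the exchange: it hands out a short-lived,
    single-use request token (the value that travels in the GET param) and
    swaps it for the real session token when the validation API is called."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # sha256(request token) -> (session token, expiry)

    @staticmethod
    def _digest(token):
        # Only a hash is kept, so a dump of the store does not reveal
        # request tokens that are still redeemable.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, session_token):
        """Create the request token to append to the redirect URL."""
        request_token = secrets.token_urlsafe(32)
        expiry = self._clock() + REQUEST_TOKEN_TTL
        self._pending[self._digest(request_token)] = (session_token, expiry)
        return request_token

    def redeem(self, request_token, origin):
        """Validation API: return the session token, or None on any failure."""
        # Remove the entry first, so every attempt (even a rejected one)
        # burns the token and a replay from the URL or a log gets nothing.
        entry = self._pending.pop(self._digest(request_token), None)
        if entry is None:
            return None  # unknown or already used
        if origin != ALLOWED_ORIGIN:
            return None  # caller is not the second webapp's origin
        session_token, expiry = entry
        if self._clock() > expiry:
            return None  # too old
        return session_token
```

The `Origin` header is set by browsers but can be forged by non-browser clients, so the single-use property and the short lifetime carry most of the protection here.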