Share Web API access token in different domains

Hello.

I’m having a hard time sharing an access token (bearer) with different domains. This happens because I have to make a login page outside the domain of the site that consumes the REST API. This site maintains the token on localStorage, which is not cross-domain. Any suggestions so that outside the domain I can 'play' this token for a specific domain?

Note: By GET was the only way I could, but I didn’t want it to be passed through the URL.

  • And why not? Facebook does this.

  • Well, apart from a request like you commented (which is not the best way), you need to make a clustered web server so that the user’s session is available to all servers. I say again that it is not an easy implementation to be made.

  • I imagine not. The fact that it cannot be by GET is because of copies that can be made by the user. So one person can access another person’s account if the user does not log out.

1 answer

I was able to do it through cookies. I don’t have the necessary experience in this matter to know if it is good or bad practice.

Can you comment on that, please?
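
For the cookie approach mentioned in the answer above, an added example (not part of the original post) that builds a hardened `Set-Cookie` header for the token and applies the RFC 6265 domain-match rule to show which hosts a browser would send it to. The cookie name `access_token`, the `example.com`/`example.org` hostnames and the token value are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. Hostnames and token are constructed.

// RFC 6265 section 5.1.3 domain-match: the request host equals the cookie
// domain or is a subdomain of it. (IP-address hosts are out of scope here.)
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Build a Set-Cookie header for a bearer token with hardened attributes.
function buildTokenCookie(token, { domain, maxAgeSeconds }) {
  return [
    `access_token=${encodeURIComponent(token)}`,
    `Domain=${domain}`,          // shared with this domain and its subdomains
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,  // short lifetime limits replay of a copied value
    "Secure",                    // only sent over HTTPS
    "HttpOnly",                  // not readable by page script, unlike localStorage
    "SameSite=Lax"               // withheld on cross-site subrequests and POSTs
  ].join("; ");
}

// Which of the given hosts would receive a cookie set with this Domain?
function hostsReceivingCookie(cookieDomain, hosts) {
  return hosts.filter((h) => domainMatches(h, cookieDomain));
}

const header = buildTokenCookie("constructed.sample.token", {
  domain: "example.com",
  maxAgeSeconds: 900
});
const hosts = [
  "login.example.com", // login page on a sibling subdomain
  "app.example.com",   // site that consumes the API
  "api.example.com",
  "app.example.org",   // unrelated registrable domain
  "badexample.com"     // suffix look-alike, not a subdomain
];
console.log(header);
console.log(hostsReceivingCookie("example.com", hosts));
```

A cookie only bridges hosts under one parent domain; a login page on an unrelated domain cannot set it for the consuming site. With `HttpOnly`, the site's script cannot copy the value into an `Authorization` header, so the API has to accept the cookie itself.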
