I have two separate Angular applications; however, a user might have privileges to both of them. I would like to implement autologin between them - so if a user logs into App A, then clicks a redirect button to App B, he would be automatically logged in.
After logging in to any of the applications, the token (JWT) is stored in session storage. I was thinking about passing the token to the other application, which would automatically log the user in. Is there a secure way to achieve this?
The applications have the same domain, e.g.:

  • app-a.example.com
  • app-b.example.com

asked 2 days ago by mar3g

  • 1 Did you check this question? stackoverflow.com/q/4026479/5470544 – JSON Derulo Commented 2 days ago
  • I think the iframe solution is no longer viable due to storage partitioning in the newer browsers. Storing it in a cookie seems to be working fine, but it may be vulnerable to XSRF, as HttpOnly is set to false (since the cookie has to be accessed from the other app). – mar3g Commented 2 days ago

1 Answer

You can achieve this with a cookie (generally SSO uses this method)

  • step one: set the cookie
  • step two: get the cookie where required
  • with this cookie, call the authenticate APIs
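
The script-readable cookie described in the comments beside a hardened one, as an added example that is not part of the question or the answer: it audits a `Set-Cookie` value and lists which hosts would receive it. The cookie name `session`, the token, and the hosts `blog.example.com` and `example.org` are constructed, and it assumes the cookie is set by the backend rather than by Angular code.

```javascript
'use strict';
// Added example: cookie name, token and host names below are constructed.

// Parse a Set-Cookie value into its name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf('=');
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// List the protections missing from a cookie that carries a session token.
function auditTokenCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('no HttpOnly: page scripts can read the token');
  if (!attrs.secure) findings.push('no Secure: cookie may travel over plain HTTP');
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') findings.push('SameSite is not Lax or Strict');
  return findings;
}

// RFC 6265 domain-match for host names (IP literals are out of scope here).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Hosts whose requests carry the cookie; a host-only cookie (no Domain) is not shared, so [].
function recipients(header, hosts) {
  const { domain } = parseSetCookie(header).attrs;
  return domain ? hosts.filter((h) => domainMatches(h, domain)) : [];
}

const token = 'constructed.jwt.value';
const weak = `session=${token}; Domain=example.com; Path=/`; // script-readable, as in the comment above
const hardened = `session=${token}; Domain=example.com; Path=/; Max-Age=900; Secure; HttpOnly; SameSite=Lax`;
const hosts = ['app-a.example.com', 'app-b.example.com', 'blog.example.com', 'example.org'];

console.log(auditTokenCookie(weak));
console.log(auditTokenCookie(hardened));
console.log(recipients(hardened, hosts));
```

With `HttpOnly` set, neither Angular app reads the cookie; the browser attaches it to requests sent to a backend under `example.com` (an assumption about where the API is hosted), for example with HttpClient's `withCredentials: true`. The last output also shows that every other host under `example.com` receives the token.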

Tags: jwt | How to securely share access token between Angular applications in the same domain | Stack Overflow