Currently we have two apps running: accounts and the other app. We implemented SSO with iframe postMessage. All works well, except Apple users have to disable ‘Prevent cross site tracking’ to log in without issues.
We have different ideas around this.
- OAuth. But it’s an MVP. They are both ours, so it doesn’t really make sense.
- So take a look: if I log in on accounts.example.com, get the token and redirect to music.example.com/login?tok=tokenId, then call Meteor.loginWithToken with that token.
The second choice is just sad because someone could sniff that token.
What would you suggest?
To have an idea of what this mess is all about:
(https://listen.meteorapp.com)
(https://nb-accounts.meteorapp.com)
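An added example, not part of the original post: one way to keep the second option's redirect while keeping the reusable login token out of the URL is to pass a single-use, short-lived handoff code that the music app redeems server-side. The function names, the `code` parameter, the 30-second lifetime and the in-memory `Map` (a stand-in for a store both apps can reach) are assumptions.

```javascript
const { randomBytes, createHash } = require('node:crypto');

const TTL_MS = 30000;          // assumed lifetime of a handoff code
const pending = new Map();     // sha256(code) -> { userId, audience, expires }

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// accounts app, after a successful login: mint a random code bound to the
// target origin. Only its hash is stored, so a leaked store cannot be replayed.
function issueHandoffCode(userId, audience, now = Date.now()) {
  const code = randomBytes(32).toString('hex');
  pending.set(sha256(code), { userId, audience, expires: now + TTL_MS });
  return code;
}

// accounts app: the redirect carries the code, never the login token itself.
function buildRedirect(userId, audience, now = Date.now()) {
  const url = new URL('/login', audience);
  url.searchParams.set('code', issueHandoffCode(userId, audience, now));
  return url.toString();
}

// music app server: redeem the code. The entry is deleted on first lookup,
// so a code copied from history, logs or a Referer header is already dead.
function redeemHandoffCode(code, audience, now = Date.now()) {
  const key = sha256(String(code));
  const entry = pending.get(key);
  if (!entry) return null;
  pending.delete(key);                           // single use, even on failure
  if (now > entry.expires) return null;          // expired
  if (entry.audience !== audience) return null;  // minted for another app
  return entry.userId;                           // server now creates its own session
}
```

What a `code` value exposes in the URL is limited to one redemption within the lifetime, whereas a login token in `?tok=` stays valid for as long as the session does.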