I have two apps using the same Accounts server. I can login on one , use the login token to login on the other app. Works fine
so if I have login on accounts.example.com ,get the token and redirect to music.example.com/login?tok=tokenId , call Meteor.loginWithToken with that token
and redirect finally to target address music.example.com/dashboard
So the question is, is it ‘nice’ exposing that token in the url for a while?