Sorry for repeating this, but it’s quite urgent.
Currently we have two apps running (accounts) and the other app. We implemented SSO with iframe postMessage. All works well, except iPhone and Mac users have to disable ‘Prevent cross-site tracking’ in settings for them to log in without issues.
We have different ideas around this.
- OAuth. But it’s an MVP. Also, it’s our application, so it doesn’t really make sense.
- There’s (https://nb-accounts.meteorapp.com/), get the token and redirect to music.example.com/login?tok=tokenId
The second choice is just sad because some bad guy can sniff the token.
What would you suggest?