I’m looking for a way to do single sign-on (SSO) between multiple domain names. The scenario I want to achieve:
- Users log in at auth.foo.com (email / password only, no external providers)
- Users will be automatically logged in to:
All sites use the same database and there are no third-party websites involved.
I think there may be a way to do this by opening an iframe to auth.foo.com with a token (also saved in the database) in the URL params, and then auth.foo.com checks for a logged-in user and updates the document for the token with the user’s userId. The original site (e.g. www.bar.com) then logs the user in based on the userId that was added to the document.
I also think that someone is going to point out a security flaw or three with this, so would rather use an existing & tested solution that works with Meteor. All sites will be TLS (https) only.
Any experience or comments would be appreciated!