Thanks Zlatko, Definitely I got a starting point from your approach and will work on it, it seems to be a proper methods for now and the only points I think will need more attention that is passing the token on redirection because in that case url will have this and to remove I will have to reload it again once I have saved the token with local storage.
I am not sure if I should develop login page in angular or with html only, need to work to figure out the exact approach for this. One way I thought about is make the login page with angular and save token as localstorage or cookie and then reload to vendor subdomain and there I can access the token again without any api, I am not sure if its secure or not but could be a initial implementation method. On Wednesday, 25 October 2017 14:49:18 UTC+5:30, Zlatko Đurić wrote: > > So I assume that e.g. I login to login.app.com as *[email protected] > <javascript:>*, then your login API returns something like: *{ > accessToken: ..., domain: mydomain }*, and then login form redirects me > to mydomain.app.com. Yes, in that case, you'd likely lose all that extra > info. > > Now, first the simpler attempt: can you host the login form on each site > directly, and then just call the common login *API *endpoint from there? > That would work better. > > Otherwise you'll have to pass some sort of a token from your login.app.com > page, and then on app init, you can go and check that token and get that > original response again. E.g. login.app.com will get *{ domain: myDomain, > authToken: 'some_value' }*, and redirect you to > *mydomain.app.com/authenticate > <http://mydomain.app.com/authenticate>?**auth**Token=some_value*, and > then the /authenticate page on mydomain.app.com will take this token, > again go back to some backend API, and fetch the original *accessToken* or > user data or whatever, then redirect you to / or whatever. Basically > something like OAuth. You'd have to deal with these status/refresh/whatever > tokens, make sure they expire on time and all that on the backend, but if > that's the requirement, than that's the requirement :) > > Anyway, hope that helps, but if you provide more details on what goes on > on your login.app.com, someone might come up with a better proposal. > -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
