The blog on how to build a Single Sign On application is on its way.
If you have more than one application but want to log in only once to access all the applications in your domain, then Single Sign On (SSO) is the way to go.
So without further ado, let's begin. The concept is simple: build one application (the Single Sign On application) that handles the account details and the login itself.
When a user tries to log in to, say, Application-1, they are first "redirected" to the SSO application. The SSO application authenticates the user and sends a token back to the application. This token could be a JWT that carries the user's details and an expiry time; it must be signed by the SSO application so that the receiving applications can check that it was neither forged nor altered. For the redirect back to work, Application-1 passes its own URL to the SSO application when it sends the user there, so that the SSO application can redirect the user back to the application they came from (Application-1 in this case). The SSO application should only redirect to URLs it recognises (an allow-list of its own applications); otherwise anyone can use it to deliver a freshly issued token to a site of their choosing.
On receiving the redirect from the SSO application, Application-1 should extract the token and set it as a cookie in the browser. Mark the cookie HttpOnly and Secure so that page scripts cannot read it and the browser only sends it over HTTPS. Just a reminder: cookies are scoped to a domain, so the cookie's Domain attribute must be set to the parent domain the applications share (for example example.com, shared by app1.example.com and app2.example.com) for the next step to work.
Once the cookie is set, the browser sends it with every request to applications on that domain. If the user then opens Application-2 on the same domain, the browser sends the token to Application-2, which validates it: it checks the signature and the expiry. If the token is valid, the user is allowed into the application. If the token is missing, has expired or fails verification, the user is redirected to the SSO application to log in again.
So let's dive into the code. There will be three applications in this case:
- SSO Application [authenticates the user and issues the signed token]
- Application-1 [checks whether the authentication cookie is present in the request; if so, checks its validity; if it is missing or invalid, redirects the request to SSO]
- Application-2 [checks whether the authentication cookie is present in the request; if so, checks its validity; if it is missing or invalid, redirects the request to SSO]
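Before looking at the three applications, here is the whole flow described above in one runnable file. This is an added example, not the blog's own code: it implements an HS256 JWT on the Python standard library, the SSO side (authenticate, check the return URL against an allow-list, redirect back with the token) and the application side (accept the token from the callback and set the cookie, or validate the cookie, or redirect to SSO). The function names, the hostnames, the shared secret and the cookie name are assumptions made for the demo.

```python
# Added example (not the blog's own code): a minimal SSO flow with an HS256 JWT
# built on the standard library. Names, hostnames and the secret are assumptions.
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode, urlparse, parse_qs

SECRET = b"shared-secret-known-to-sso-and-apps"   # constructed demo key
SSO_LOGIN_URL = "https://sso.example.com/login"
ALLOWED_RETURN_HOSTS = {"app1.example.com", "app2.example.com"}  # SSO redirect allow-list
COOKIE_DOMAIN = "example.com"  # parent domain, so both applications receive the cookie


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, user: str, now: int, ttl: int = 900) -> str:
    """SSO side: build an HS256-signed JWT with subject, issued-at and expiry claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(secret: bytes, token: str, now: int):
    """Return the payload if the signature is valid and the token is unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: never let the token choose it (rejects alg=none tokens).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(payload_b64))
        if payload["exp"] <= now:
            return None
        return payload
    except (ValueError, KeyError, TypeError):
        return None


def sso_login(user: str, return_to: str, now: int) -> str:
    """SSO side: after authenticating `user`, build the redirect back to the application.

    The return URL is checked against the allow-list so the SSO endpoint cannot be
    used as an open redirector that hands tokens to an attacker's site.
    """
    parsed = urlparse(return_to)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_RETURN_HOSTS:
        raise ValueError("return_to is not an allowed application URL")
    token = issue_token(SECRET, user, now)
    return return_to + ("&" if parsed.query else "?") + urlencode({"token": token})


def app_request(url: str, cookies: dict, now: int) -> dict:
    """Application side: decide what to do with an incoming request.

    Returns 'set_cookie' (callback from SSO carrying a valid token), 'allow'
    (valid cookie already present) or 'redirect' (send the user to SSO).
    """
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    if "token" in qs:                     # callback from the SSO application
        payload = verify_token(SECRET, qs["token"][0], now)
        if payload is not None:
            cookie = (f"sso_token={qs['token'][0]}; Domain={COOKIE_DOMAIN}; "
                      "Path=/; Secure; HttpOnly; SameSite=Lax")
            return {"action": "set_cookie", "cookie": cookie, "user": payload["sub"]}
    payload = verify_token(SECRET, cookies.get("sso_token", ""), now)
    if payload is not None:
        return {"action": "allow", "user": payload["sub"]}
    clean_url = parsed._replace(query="").geturl()   # do not echo a stale token back to SSO
    return {"action": "redirect",
            "location": SSO_LOGIN_URL + "?" + urlencode({"return_to": clean_url})}


if __name__ == "__main__":
    t = int(time.time())
    first = app_request("https://app1.example.com/home", {}, t)        # no cookie: redirect
    callback = sso_login("alice", "https://app1.example.com/home", t)  # SSO issues the token
    second = app_request(callback, {}, t)                               # callback: set cookie
    tok = parse_qs(urlparse(callback).query)["token"][0]
    third = app_request("https://app2.example.com/", {"sso_token": tok}, t)  # shared cookie
    print(first["action"], second["action"], third["action"])
```

The three cases in the final block are exactly the three decisions Application-1 and Application-2 make in the list above; the expired-token case is handled by `verify_token` returning None, which sends the user back to SSO the same way a missing cookie does. In a real deployment the secret would come from configuration rather than the source, and you would prefer an asymmetric algorithm (RS256 or ES256) so that the applications hold only the public key and cannot mint tokens themselves.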