2

I am trying to share a JWT across multiple Ember applications and Java APIs. The idea is to have one application/API that handles the authentication. Once a user is authenticated, then the user can access other applications with the same token.

I'm currently using ember-simple-auth and ember-simple-auth-token to generate my tokens. All is fine for generating the token for the application I use for user login. However, when I try to link to another application, I am unable to pass the token along. What is the best strategy for sharing tokens?

Sean
  • 63
  • 1
  • 6
  • I don't understand what sending token means. When you login from any application if token existed in server you pass that token to requesting application. This should be handles in server – Ebrahim Pasbani Aug 01 '16 at 23:04
  • @ebrahim, think of a microservices architecture where all applications and API services are segregated. I'm looking to have one application and its associated service handle authentication and token generation. The generated authentication token can then be used for authentication with other applications, similar to SSO. – Sean Aug 01 '16 at 23:16
  • Why you do not use a SSO? When a user is going to be identified and has no token, it is redirected to the central application. If your API is going to be consumed by a third party you would also need Oauth2 – pedrofb Aug 02 '16 at 12:43
  • @pedrofb, SSO may end up being the answer. However, I'm looking for something more lightweight for now. All of the APIs are in the same domain, just different subdomains. I'm curious if this can be done with ember-simple-auth. – Sean Aug 02 '16 at 13:12
  • 1
    You could store the JWT in a cookie in main domain `.yourdomain.com` (not localStorage) See http://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain. Each application in subdomain `app.yourdomain.com` check if the token exists and use it for authentication. If the cookie does not exists, then redirect user to login – pedrofb Aug 03 '16 at 19:37
  • @pedrofb, I actually created a working implementation using a cookie. I was going to post back here when I have finalized the solution. Thanks for the help. – Sean Aug 03 '16 at 19:56

1 Answers1

0

For the multiple Ember apps and java apps that you want to share JWT, if these apps are under the same domain, then it should be easy to use Ember Simple Auth with CookieStore.

Please see this tutorial for full implementation. https://github.com/Tinylegend/scalatra-ember-cli-tutorial/tree/9.share-auth-in-ember-apps

Rocky Fan
  • 1
  • FYI: The above sample has a document in /docs. Link : https://github.com/Tinylegend/scalatra-ember-cli-tutorial/blob/9.share-auth-in-ember-apps/docs/share-auth-in-ember-apps.md – Rocky Fan Apr 20 '17 at 15:26
  • 1
    Do not comment if you want to add something to your answer. – M-- Apr 20 '17 at 15:43