I have 2 domains, (NOT SUBDOMAINS) Domain A Domain B
My users create a account on Domain A and create / login a new account on Domain B with the same info by just clicking a button with "login with Domain A". A better way to explain is: i would like a "login with google" on domain B and domain A would google in this question.
My question is: what would be the best way to approach this, I don't want to share a database across the 2 domains so I thought maybe this could be done with cookies like in this post https://stackoverflow.com/a/6816659/19055225, would this be a good idea if I encrypt the cookies or are there better ways?
The timeline of a user wanting to login on domain B with domain A's login:
Creating account on domain A: going to domain B to create a account with the created account on domain A, the user will be redirected to domain A with an allow form.
When users allow the creating of an account with the known data on domain A they will be redirected to domain B where they get a succes messages (the data is shared with domain B)
users can now login on domain b with the account from domain A (each login click they will be redirected to domain A for an "login" button to login on domain B)
What would be the best approach for this project? i already made the html,css and php/js ready forms for every screen.
CodePudding user response:
In essence, what you're asking for has nothing to do with the browser, nor should it; you would never want to share information like that cross-domain, as anything (the users data) could be stored/taken from one website to another (i.e., a company that uses your data for whatever they want).
In my opinion, the question should be directed more toward the backend/database. You have a few solid options:
- Share the same database (you said you didn't want to, but feels like it should still be said)
- Create a "conversation" between servers (http requests, web sockets)
- Database replication (though this isn't easy to make work well in real time, not to mention scale, without tools like rabbitmq)
- Share information via encrypted data in the url with a key both servers have in their env to decrypt (less ideal option imo)