Geddit's avatar

How to: multiple projects with single authentication?

I'm currently trying to figure out how to set up a new project I'm working on.

  • Users will log in, and land on dashboard.example.com, here they'll have an overview of all their applications.
  • They might select their CMS, to manage their website, which will redirect them to cms.example.com.
  • Each application will have its own subdomain.
  • All applications are Vue SPAs, with each their own Laravel project as the API.

I have no clue how to deal with authentication between all these different applications. I was thinking about having a separate Authentication server, on auth.example.com (using Passport). But I'm not sure if that's at all possible...

Any tips are very much appreciated!

0 likes
4 replies
burlresearch's avatar

You're talking about having a central SSO for your multi-domains. This is certainly doable, and your language suggests you're thinking along the right lines.

Basically I think what you want to shoot for is to redirect all auth requests to auth.example.com and have it issue JWTs that can be used on all the other subdomains. This may require some sort of shared persistence, or just using Passport as you say, to validate the JWTs - which will certainly work.

So without getting into specifics, I'd say you're on the right track.

1 like
Geddit's avatar

@burlresearch Thanks for the reply! Good to know that I'm on the right track.

I don't know enough about JWT/Passport/OAuth to really understand how to make this work. I'm thinking about something like this (assuming I'm using Passport):

  1. From the SPA at dashboard.example.com I would pass my username and password to dashboard.example.com/api/auth/login.
  2. Then, underwater in PHP, I would do a request to auth.example.com/oauth/token to get my token. I would pass the access token back to the SPA at dashboard.example.com
  3. I would then continue as normal, by making requests to dashboard.example.com/api/some-route, adding an Authorization header.

This would result in a 401, because dashboard.example.com doesn't know anything about authentication. So my guess is that I need to find a way to grab the Authorization header, and validate it against auth.example.com.

Any ideas how to make this work?

lukegalea16's avatar

Any progress on this? Facing a similar issue - i.e. want to implement a multi-project login system

xis's avatar

Any updates on this? I am struggling with the same exact issue(s) as OP. How can I authenticate users on dashboard.example.com/api, cms.example.com/api, ... with the token obtained from the passport auth server?
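
The validation step the thread keeps asking about, as an added example that is not part of any post above: each API (dashboard.example.com, cms.example.com) checks the bearer token locally using only the auth server's public key. It assumes auth.example.com issues RS256-signed JWT access tokens; the function names, claim values and key pair are constructed for illustration.

```php
<?php
// Added example: a resource API verifying an RS256 JWT signed by the auth server.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

// Returns the claims if the token is valid for this API, otherwise null.
function verifyAccessToken(string $jwt, string $publicKeyPem, string $audience, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the algorithm; never let the token's header choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    // The signature covers "header.payload" exactly as received.
    if (openssl_verify("$h.$p", b64urlDecode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims)) return null;
    if (($claims['exp'] ?? 0) <= $now) return null;                              // expired
    if (!in_array($audience, (array) ($claims['aud'] ?? []), true)) return null; // issued for another app
    return $claims;
}

// Constructed demo. Auth-server side: holds the private key and signs the token.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($key)['key']; // the only key material the APIs need
$now = time();
$body = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.'
      . b64url(json_encode(['sub' => '42', 'aud' => 'dashboard', 'exp' => $now + 300]));
openssl_sign($body, $rawSig, $key, OPENSSL_ALGO_SHA256);
$token = $body . '.' . b64url($rawSig);
// Resource-API side (in Laravel middleware the token would come from $request->bearerToken()).
$forged = explode('.', $token);
$forged[1] = b64url(json_encode(['sub' => '1', 'aud' => 'dashboard', 'exp' => $now + 300]));
$cases = [
    'valid token'      => verifyAccessToken($token, $publicPem, 'dashboard', $now),
    'wrong audience'   => verifyAccessToken($token, $publicPem, 'cms', $now),
    'expired'          => verifyAccessToken($token, $publicPem, 'dashboard', $now + 600),
    'payload tampered' => verifyAccessToken(implode('.', $forged), $publicPem, 'dashboard', $now),
];
foreach ($cases as $name => $claims) {
    echo $name, ': ', $claims === null ? 'rejected' : 'accepted sub=' . $claims['sub'], PHP_EOL;
}
```

Local signature checks do not see tokens revoked on the auth server, so keep access-token lifetimes short or add a revocation lookup against auth.example.com.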