waleed_lara_1

Single Sign In / Sign Out solution for Laravel

I want to implement an SSO (Single Sign-On) solution for my websites. I have three websites on completely different domains, built in Laravel. I want that if a user logs in to one website, then he gets logged in to the other websites too; same thing for logout. Can you please suggest some methods on how I can achieve this? Thanks

martinbean

@waleed_lara_1 You can’t magically create sessions on three different domains when logged in somewhere.

You’ll need to create some sort of central authentication server. You could use OAuth. So you would install Passport, and then create OAuth clients for each of your applications.

  1. When a user goes to log in on Application A, they will be redirected to your OAuth server. Once they’ve logged in there, they will be redirected back to Application A with an OAuth token. Application A should then create a record for that user, or authenticate them if a record already exists.
  2. When a user goes to log in on Application B, they will again be redirected to your OAuth server. They won’t need to log in as they logged in when authorising Application A. So they will just be transparently passed back to Application B with an OAuth token, which you should again use to either create a record for that user, or authenticate them if a record already exists.
  3. Same with Application C. Redirected to OAuth server, already logged in, OAuth server transparently returns user to Application C to create/authenticate user based on OAuth token.
waleed_lara_1

@martinbean Yes, this approach can work, but I was thinking: what will happen if a user updates their record, like say their email? How will I synchronize all these changes? For example: I have a unique identifier "email" in my central authentication server. Case 1: User is logged into Application A and changes its email. The email will be changed in the database of Application A, and I can change the email in the central authentication server as well by using an API. Now a user goes to site B; the user will be redirected to the central authentication server, which will recognize that it's logged in and will redirect back to site B with an OAuth token. Now should I see every time if some record needs updating, like email here for instance? Is this approach a feasible one?

martinbean

> what will happen if a user updates their record like say their email, how will I synchronize all these changes

@waleed_lara_1 You could use webhooks:

  1. User updates their email from Application A.
  2. Application A makes API request to SSO server with updated email address.
  3. SSO server dispatches webhooks to each application with the change.
  4. Each application then updates the email address for that user in their own databases.

Because of this, you should not use the email address as the identifier for your users. You should use their actual ID in the SSO application. When a user authorises, they’ll get an OAuth token. You should use this OAuth token to look up that user’s details, which will include their id. You should store this as some sort of “canonical” ID in each application, and use this to handle updates, etc.
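
One way an application could receive the webhook from step 3 and apply it by canonical ID rather than by email, as an added example that is not part of the original reply. The HMAC-SHA256 signature scheme, the payload field names (`sso_id`, `email`), the shared secret and the in-memory user table are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed secret for the example; in practice it is loaded from configuration
// and is different for each application the SSO server notifies.
const WEBHOOK_SECRET = 'constructed-shared-secret';

/** Check the hex HMAC-SHA256 signature the SSO server is assumed to send with the body. */
function verifyWebhook(string $rawBody, string $signatureHex, string $secret): bool
{
    $expected = hash_hmac('sha256', $rawBody, $secret);
    return hash_equals($expected, $signatureHex); // constant-time comparison
}

/** Apply a "user.updated" event to local users keyed by the SSO server's user ID. */
function applyUserUpdate(array &$usersBySsoId, string $rawBody, string $signatureHex): int
{
    // Verify over the raw bytes before decoding, so an unsigned body is never parsed.
    if (!verifyWebhook($rawBody, $signatureHex, WEBHOOK_SECRET)) {
        return 401; // sender not authenticated: change nothing
    }
    $event = json_decode($rawBody, true);
    if (!is_array($event) || !isset($event['sso_id'], $event['email'])
        || !is_int($event['sso_id'])
        || filter_var($event['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 422; // signed but malformed payload
    }
    if (!isset($usersBySsoId[$event['sso_id']])) {
        return 404; // this user has never logged in to this application
    }
    // The lookup key is the canonical SSO ID, so the email is free to change.
    $usersBySsoId[$event['sso_id']]['email'] = $event['email'];
    return 200;
}

// Constructed sample data: one local user and one signed event.
$users = [42 => ['sso_id' => 42, 'email' => 'old@example.com']];
$body  = json_encode(['event' => 'user.updated', 'sso_id' => 42, 'email' => 'new@example.com']);
$sig   = hash_hmac('sha256', $body, WEBHOOK_SECRET);
echo applyUserUpdate($users, $body, $sig), ' ', $users[42]['email'], PHP_EOL;

// A different body sent with the old signature is rejected and the record is unchanged.
$altered = json_encode(['event' => 'user.updated', 'sso_id' => 42, 'email' => 'other@example.com']);
echo applyUserUpdate($users, $altered, $sig), ' ', $users[42]['email'], PHP_EOL;
```

In a Laravel application the same checks would sit in the controller or middleware handling the webhook route, with the lookup done against the column that stores the canonical SSO ID.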
