Closed xmlking closed 9 months ago
Please, would you mind summarizing your objective?
in some cases, companies want to host related webapps on multiple subdomains
e.g.,
example.com
<-- marketing site
docs.example.com
<-- docs site
console.example.com
<-- dashboard site
billing.example.com
<-- billing site
It make sense if end user login to console.example.com
, they should be able to seamlessly login to other sister sites with same domain name i.e., *.example.com
.
To accomplish this, we should be able to set session cookie at domain level.
I was using like this with AuthJS to setup cross-subdomain session cookie:
export const domain = new URL(envPub.PUBLIC_BASE_URL).hostname.replace(/^[^.]+\./g, '');
cookies: {
sessionToken: {
name: cookieName,
options: {
httpOnly: true,
sameSite: 'lax',
path: '/',
domain: domain == 'localhost' ? domain : '.' + domain,
secure: useSecureCookie // process.env.NODE_ENV === 'production'
}
}
}
I am planing to switch to hasura-auth
and wonder how to do same with hasura-auth
.
Closing as this is already supported.
In hasura-auth you will need to configure the client url and allowed urls (settings -> authentication). On the client side then use the redirectTo
based on the domain you are in during sign up/in operations. This assuming each subdomain has their own login page. Otherwise, if you have a single "login" domain you don't need this (well, you will need the client url)
To accomplish this, we should be able to set session cookie at domain level.
Assuming you are using our sdks you can handle the behavior for dealing with cookies yourself overriding the ClientStorage.
If you have doubts or questions I'd suggest you to open a github discussion or reach out to us on discord.
is it possible to implement authentication across all subdomains like this ?
https://kanakkholwal.medium.com/how-to-implement-authentication-across-all-subdomains-using-next-auth-in-next-js-2ad8393c268d