qvest-digital / loginsrv

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
MIT License

Share JWT token across subdomains #172

Closed cceyda closed 3 years ago

cceyda commented 4 years ago

[with caddy-plugin] I want to be able to access y.domain.com and x.domain.com with the same token. My use case is: I have some static files at y.domain.com that are being loaded inside x.domain.com. What would be the correct/secure setup for this? I'm guessing I might be able to set this up using the redirect_host_file, but have no idea how? Or maybe with this PR?

My current settings:

x.domain.com {
    ....
    jwt {
        path /
        redirect /login?backTo={rewrite_uri}
    }
    login {
        htpasswd file=[pass_file_path]
        redirect_check_referer false
        redirect_host_file [redirect_file_path]
    }
}
y.domain.com {
    ....
    jwt {
        path /
        redirect /login?backTo={rewrite_uri}
    }
    login {
        htpasswd file=[pass_file_path]
        redirect_check_referer false
        redirect_host_file [redirect_file_path2?]
    }
}
magikstm commented 4 years ago

Should be doable with cookie-domain, depending on the versions you currently use.

Ref: https://github.com/tarent/loginsrv/issues/102

I'll try to add an example to the doc on the main page this weekend.

averri commented 3 years ago

Hi @cceyda, your backend that creates the JWT cookie needs to set its domain to domain.com. In this way, the cookie will be valid for all subdomains of domain.com.
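
Worked example for the two answers above (added here; it is not part of the thread and not loginsrv's own code): a Go program that uses the standard-library cookie jar to show what the Domain attribute that cookie-domain controls actually does, i.e. which hosts a browser-like client will send the login cookie to. The hostnames follow the thread's placeholders (x.domain.com, y.domain.com, domain.com); the cookie name jwt_token is assumed to be loginsrv's default; the token value is a constructed placeholder. The jar is created without a public-suffix list, so it applies RFC 6265 domain matching only, whereas browsers additionally refuse Domain attributes that name a public suffix such as "com".

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// sentTo reports whether a jwt_token cookie issued by the login endpoint at
// issuer, with the given Domain attribute, is attached to a request to
// target. An empty domainAttr models a host-only cookie (no Domain
// attribute), which is what you get when cookie-domain is not set.
func sentTo(issuer, target, domainAttr string) bool {
	// nil public-suffix list: RFC 6265 domain matching only (see lead-in).
	jar, err := cookiejar.New(nil)
	if err != nil {
		panic(err)
	}
	issuerURL, err := url.Parse(issuer)
	if err != nil {
		panic(err)
	}
	targetURL, err := url.Parse(target)
	if err != nil {
		panic(err)
	}

	// Model the Set-Cookie header a login service would emit after a
	// successful login. Value is a constructed placeholder, not a real JWT.
	jar.SetCookies(issuerURL, []*http.Cookie{{
		Name:     "jwt_token", // assumed loginsrv default cookie name
		Value:    "constructed-placeholder-token",
		Path:     "/",
		Domain:   domainAttr, // "" = host-only cookie
		Secure:   true,
		HttpOnly: true,
	}})

	// The jar silently drops cookies whose Domain does not domain-match the
	// issuing host, so an illegal Domain never reaches any target.
	for _, c := range jar.Cookies(targetURL) {
		if c.Name == "jwt_token" {
			return true
		}
	}
	return false
}

func main() {
	cases := []struct{ issuer, target, domain string }{
		// host-only cookie: stays on the host that set it
		{"https://x.domain.com/login", "https://x.domain.com/", ""},
		{"https://x.domain.com/login", "https://y.domain.com/", ""},
		// Domain=domain.com: shared with every subdomain of domain.com
		{"https://x.domain.com/login", "https://y.domain.com/", "domain.com"},
		{"https://x.domain.com/login", "https://z.domain.com/", "domain.com"},
		// never leaks to an unrelated site
		{"https://x.domain.com/login", "https://other.com/", "domain.com"},
		// a Domain the issuer does not belong to is rejected outright
		{"https://x.domain.com/login", "https://x.domain.com/", "other.com"},
	}
	for _, tc := range cases {
		fmt.Printf("set by %-28s Domain=%-12q -> sent to %-22s %v\n",
			tc.issuer, tc.domain, tc.target, sentTo(tc.issuer, tc.target, tc.domain))
	}
}
```

The output makes the trade-off behind the answers explicit: with Domain=domain.com the token reaches y.domain.com as wanted, but it also reaches every other subdomain of domain.com, so any subdomain that is compromised or serves user-controlled content can read or replay it. Set the domain no wider than the subdomains that genuinely need the token, and keep the Secure and HttpOnly attributes on the cookie.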

cceyda commented 3 years ago

Thank you~ I will close this now.