October 21, 2024
security

Redirecting with Token Authentication Between Angular Apps: Pros and Cons?


I’m working on an Angular application (Site A) that implements a login system.
After users log in, I want to redirect them to another Angular application (Site B) while passing along the authentication token generated by Site A.
The goal is to allow Site B to recognize the user as logged in without requiring them to log in again.

My Approach:

Upon successful login on Site A, I generate a JWT token.
I redirect the user to Site B with the token as a URL parameter (e.g., https://siteB.com?token=YOUR_TOKEN).
On Site B, I extract the token from the URL and validate it.

Pros:

Seamless User Experience: Users can move between applications without additional logins.
Simple Implementation: Sending the token via URL parameters is straightforward.

Cons:

Security Risks: Sending tokens in the URL can expose them to potential interception through browser history or server logs.
Token Expiry: Managing token validity and refreshing tokens may add complexity.

Questions:

What are the security implications of sending tokens via URL parameters, and how can I mitigate risks?

Is it better to validate the token on Site B by making an API call to Site A, or can it be done locally?

Are there alternative methods for implementing single sign-on (SSO) between separate Angular applications?

I’d appreciate any insights or suggestions regarding my approach!
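
Step 3 of the approach above (Site B extracting the token from the URL and validating it locally), as an added example that is not part of the original post. It assumes Site A signs RS256 JWTs and Site B holds Site A's public key; the function names, the `site-b` audience, the `siteb.example` host and the throwaway key pair are constructed for illustration, and Node's `crypto` module is used so the block runs offline.

```javascript
// Added example: names, audience value and sample token are constructed.
const crypto = require('node:crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Pull the token out of the landing URL and return the URL without it, so the
// caller can history.replaceState() and keep the token out of browser history.
function takeTokenFromUrl(href) {
  const url = new URL(href);
  const token = url.searchParams.get('token');
  url.searchParams.delete('token');
  return { token, cleanUrl: url.toString() };
}

// Local validation with Site A's public key (assumes RS256 and a string `aud`).
function verifyJwt(token, publicKeyPem, { audience, nowSec = Math.floor(Date.now() / 1000) }) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = b64urlJson(parts[0]); claims = b64urlJson(parts[1]); }
  catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; never let the token's own header choose it.
  if (header?.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, publicKeyPem, sig)) return { ok: false, reason: 'bad signature' };
  // Claims are only trusted after the signature check has passed.
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  if (claims.aud !== audience) return { ok: false, reason: 'wrong audience' };
  return { ok: true, claims };
}

// Constructed stand-in for Site A: throwaway key pair and token minting, demo only.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SITE_A_PUBLIC_PEM = publicKey.export({ type: 'spki', format: 'pem' });
function mintToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const body = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url')}`;
}

// Constructed landing URL as Site B would receive it after the redirect.
const sample = mintToken({ sub: 'user-1', aud: 'site-b', exp: 4102444800 });
const demo = takeTokenFromUrl(`https://siteb.example/landing?token=${sample}&tab=home`);
console.log(demo.cleanUrl, verifyJwt(demo.token, SITE_A_PUBLIC_PEM, { audience: 'site-b' }));
```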


