Tuesday, March 23, 2021

Implement SSO (Single Sign-On) in Safari

We have different simple applications that share a simple registration and access application.

  • login.com
  • app1.com
  • app2.com

We use the Firebase authentication service. It allows us to register and access "login.com".

Firebase authentication also allows us to request a custom token that we can send to other applications to get access.

In order to pass this custom token, we have worked with the iframe and postMessage methods, storing the token in localStorage in the login.com application and retrieving it in any of our applications.

This approach works in Chrome and Firefox but not in Safari.

We have verified that this is due to changes to the security rules implemented by the Safari team. All domains have their own isolated and independent localStorage, even if they are embedded within another website, and it is not possible to share the data from localStorage in this way.

However, we have found that many sites manage to solve this problem in Safari, among them Google.

How do these sites resolve information passing between their domains in Safari?

Maybe our approach with iframes is wrong; we are not looking for an all-in-one solution. Any information that helps us keep pulling the thread will be great.
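The iframe/postMessage hand-off described in the post, modelled as an added example that is not part of the original post or the poster's code. It shows the origin check the login.com frame should make and why the lookup comes back empty once the embedded frame's storage is keyed by the embedding site. The message types, the `customToken` key, the token value and the Map-based storage model are assumptions made for illustration.

```javascript
// Constructed model, not browser code: each storage bucket is a Map.
const HUB_ORIGIN = "https://login.com";
const ALLOWED_ORIGINS = new Set(["https://app1.com", "https://app2.com"]);

// Returns the storage bucket the login.com document sees.
// partitioned=false: one bucket per frame origin (what the post relied on).
// partitioned=true: bucket also keyed by the top-level site (the Safari
// isolation described in the post).
function bucketFor(stores, frameOrigin, topOrigin, partitioned) {
  const key = partitioned ? `${topOrigin}|${frameOrigin}` : frameOrigin;
  if (!stores.has(key)) stores.set(key, new Map());
  return stores.get(key);
}

// Message handler for the hidden login.com iframe.
// event mirrors a MessageEvent: { origin, data }.
// Returns { targetOrigin, message } to post back, or null to stay silent.
function handleTokenRequest(event, storage) {
  // Never answer an embedder that is not one of our own applications.
  if (!ALLOWED_ORIGINS.has(event.origin)) return null;
  if (!event.data || event.data.type !== "sso:get-token") return null;
  const token = storage.has("customToken") ? storage.get("customToken") : null;
  // Reply to the exact requesting origin, never "*", so the token
  // cannot be delivered to a different document.
  return { targetOrigin: event.origin, message: { type: "sso:token", token } };
}

// Walks the flow: sign in on login.com as the top-level page, then an
// application embeds login.com in an iframe and asks for the token.
function simulate(partitioned, embedderOrigin) {
  const stores = new Map();
  bucketFor(stores, HUB_ORIGIN, HUB_ORIGIN, partitioned)
    .set("customToken", "constructed-token-123"); // constructed sample value
  const frameStorage = bucketFor(stores, HUB_ORIGIN, embedderOrigin, partitioned);
  const request = { origin: embedderOrigin, data: { type: "sso:get-token" } };
  return handleTokenRequest(request, frameStorage);
}

console.log("shared storage:     ", simulate(false, "https://app1.com"));
console.log("partitioned storage:", simulate(true, "https://app1.com"));
console.log("unknown embedder:   ", simulate(false, "https://other.example"));
```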



