I have been working on a project that utilises a GraphQL workflow to interact with FaunaDB.
Using @databrechtskeleton-auth as a solid example I integrated httpOnly cookie auth into my app.
I would like to share users across two domains (entirely different TLDs).
Is it at all possible to share a token across domains to enable SSO or am I missing something critical? I know the cookies will not work but I’m thinking a possible Lambda that checks for an existing session in the db from that user or a centralised auth subdomain that manages both.
I’m not in my comfort zone to answer this question TBH but I can give it a shot. Although I won’t be able to help you further probably with follow-up questions since I’ve never implemented something similar.
Of course, the obvious first option is to opt to keep sessions separate.
The second probably is to keep your login flow on one domain and redirect to that domain when you log in / refresh and redirect to one of those two domains when login succeeds and provide your domains with the necessary information (e.g. a short-lived fauna token). Very similar to an OAuth/OpenID flow that Identity Providers are using (using an Identity Provider might actually make what you are trying to implement easier).
There used to be solutions where you use a third intermediate website that holds the cookies which you could, for example, encapsulate in an Iframe and communicate with. However, if I’m not mistaken, with third-party cookie prevention these solutions are no longer possible.