Cross Domain Authentication

I have been working on a project that utilises a GraphQL workflow to interact with FaunaDB.
Using @databrecht's skeleton-auth as a solid example, I integrated httpOnly cookie auth into my app.

I would like to share users across two domains (entirely different TLDs).

Is it at all possible to share a token across domains to enable SSO or am I missing something critical? I know the cookies will not work but I’m thinking a possible Lambda that checks for an existing session in the db from that user or a centralised auth subdomain that manages both.

What would be the best way to go about this?

I’m not in my comfort zone to answer this question TBH, but I can give it a shot. I probably won’t be able to help you further with follow-up questions, though, since I’ve never implemented something similar 🙂.

  • Of course, the obvious first option is to opt to keep sessions separate.
  • The second is probably to keep your login flow on one domain: redirect to that domain when you log in or refresh, and redirect back to one of your two domains when login succeeds, providing it with the necessary information (e.g. a short-lived Fauna token). This is very similar to the OAuth/OpenID flow that Identity Providers use (using an Identity Provider might actually make what you are trying to implement easier).
  • A third, also rather obvious, solution would be to make sure they are on the same domain, e.g. subdomain1.yourdomain.com and subdomain2.yourdomain.com

There used to be solutions where you use a third intermediate website that holds the cookies, which you could, for example, encapsulate in an iframe and communicate with. However, if I’m not mistaken, with third-party cookie prevention these solutions are no longer possible.
