0

I have 2 domains, (NOT SUBDOMAINS) Domain A Domain B

My users create a account on Domain A and create / login a new account on Domain B with the same info by just clicking a button with "login with Domain A". A better way to explain is: i would like a "login with google" on domain B and domain A would google in this question.

My question is: what would be the best way to approach this, I don't want to share a database across the 2 domains so I thought maybe this could be done with cookies like in this post https://stackoverflow.com/a/6816659/19055225, would this be a good idea if I encrypt the cookies or are there better ways?

The timeline of a user wanting to login on domain B with domain A's login:

Creating account on domain A: going to domain B to create a account with the created account on domain A, the user will be redirected to domain A with an allow form.

When users allow the creating of an account with the known data on domain A they will be redirected to domain B where they get a succes messages (the data is shared with domain B)

users can now login on domain b with the account from domain A (each login click they will be redirected to domain A for an "login" button to login on domain B)

What would be the best approach for this project? i already made the html,css and php/js ready forms for every screen.

Gijzy
  • 102
  • 9
  • cookies, and dont register it to the domain because you will need to access it from another domain - or you can send the user with a token in the URL that the second webpage can capture and use – alilland May 09 '22 at 00:25

1 Answers1

1

In essence, what you're asking for has nothing to do with the browser, nor should it; you would never want to share information like that cross-domain, as anything (the users data) could be stored/taken from one website to another (i.e., a company that uses your data for whatever they want).

In my opinion, the question should be directed more toward the backend/database. You have a few solid options:

  • Share the same database (you said you didn't want to, but feels like it should still be said)
  • Create a "conversation" between servers (http requests, web sockets)
  • Database replication (though this isn't easy to make work well in real time, not to mention scale, without tools like rabbitmq)
  • Share information via encrypted data in the url with a key both servers have in their env to decrypt (less ideal option imo)
Mytch
  • 380
  • 1
  • 3
  • 16
  • The problem with database sharing is the website gets access to the whole database and I would like to make it possible that only when users register on domain b, domain b gets their data from domain A, do you think it is possible to only share specific parts of the database per user with domain b? Secondly i never worked with websockets and http requests so i will figure that out i think. thirdy with sharing encrypted data in the url do you mean with parameters or just like website.com/encrypteddatahere/ – Gijzy May 09 '22 at 14:15
  • @GijsBijl Yes, that style for the url. Either in the params like your example, or in a query string, but either way. Moreover, it seems like you'd want to look into something like a cron job, which would just move data you decide (in an sql statement or something), instead of a full replica db. – Mytch May 09 '22 at 14:43