How can I use a JWT from a headless front end to automatically log in a user on a different subdomain?

Mrweiner

5/21/23, 11:47 PM

I've got a headless application with a vuejs frontend on mysite.com and a Drupal backend on backend.mysite.com, so that users can still leverage Drupal's forms, etc.

Of course, backend.mysite.com/user/login works out of the box, and I have login working on the frontend via https://www.drupal.org/project/simple_oauth (which generates a JWT for access/refresh tokens). The issue is that there is no relationship between being logged in on the frontend and being logged in on the backend.

Is there a recommended way to have an "automated SSO" of sorts that leverages the tokens that have already been generated to log the user into the backend? I guess what I'm thinking is that I would present the user with a button/link on the frontend that sends them to backend.mysite.com while handling the authentication automatically, but I'm not sure what to do logistically to make that happen.

0 + 0

Patrick Kenny

5/22/23, 12:42 PM

I may not understand your question, but if there is a drupal backend on a subdomain, and then on the main/bare domain you have VueJS with login via Drupal's Simple OAuth, are there two drupal installations (Drupal A powering VueJS login and Drupal B powering the subdomain)?

Mrweiner

5/22/23, 6:34 PM

No, there’s a single installation. The subdomain is the full drupal installation. The vuejs login essentially just gets an authentication token from the backend that can be used for API requests. The vue app is really just an API consumer.

Mrweiner

5/22/23, 6:47 PM

To be more clear, the vuejs login is just a standard <form> that POSTs to an endpoint on the drupal backend, but it doesn’t initialize a drupal session like happens when you log into drupal regularly.

Patrick Kenny

5/23/23, 4:53 AM

I see. I have an Ionic React webapp/mobile app with a full drupal site as well, but I set it up by hosting the full Drupal site at the domain, and then putting the mobile app files in a subdirectory (www.example.com/myapp) and serving the mobile app files directly from nginx. In this case, when a user logs in to the React webapp, they also get a Drupal cookie since it's on the same domain.

Mrweiner

5/24/23, 8:11 AM

Ah gotcha, makes sense. Yes just a different setup.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How can I use a JWT from a headless front end to automatically log in a user on a different subdomain?

TH: ฉันจะใช้ JWT จากส่วนหน้าที่ไม่มีหัวเพื่อเข้าสู่ระบบผู้ใช้ในโดเมนย่อยอื่นโดยอัตโนมัติได้อย่างไร

RO: Cum pot folosi un JWT de la un front end fără cap pentru a conecta automat un utilizator pe un alt subdomeniu?

RU: Как я могу использовать JWT из безголового внешнего интерфейса для автоматического входа пользователя в другой субдомен?

VI: Làm cách nào tôi có thể sử dụng JWT từ giao diện người dùng không đầu để tự động đăng nhập người dùng trên một tên miền phụ khác?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.