DEV Community

MariH

Sharing authentication with Iframe hosted on third party website. How?

Hello everyone, I have the following problem. I need to share an authentication status with an iframe hosted on a third-party website (so cross-domain). The iframe is embedding my site, which is protected by a login. I am currently managing authentication via express-session, so when a user logs in, a value (e.g. req.sessions.loggedIn) is set to true. However, this is not shared with the iframe ofc, so the user would have to log in every time he uses the iframe. What would be the best way to manage this? How can I share an "auth-status" with the other domain in a secure way?

Top comments (2)

Vlaznim Mustafa

You can use JWT for sharing authentication. When a user logs into your site, you can create a JWT that includes the user's identity and any other data you'd like to include.
Then, when loading the iframe, you can include the JWT as part of the iframe's URL. The third-party site can then read the JWT from the URL, validate it, and use the data it contains to authenticate the user.

MariH

Thank you for your reply. But this approach would only work if I control the third-party domain, right? How would the validation work?
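
The JWT hand-off suggested in the first comment, and the validation step asked about in the reply, as an added example that is not code from either commenter. It assumes HS256 with a secret held by both the issuer and the validator, an `aud` claim naming the embedding origin, and a 60-second lifetime because a token in a URL ends up in logs, browser history and Referer headers; the function names and hostnames are hypothetical.

```javascript
// Added example: issue and validate a short-lived HS256 JWT with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issuer side: call once the express-session login has succeeded.
function issueToken(userId, audience, secret, ttlSeconds = 60, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, aud: audience, iat, exp: iat + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${sig}`;
}

// Validator side: returns the claims, or null if any check fails.
function verifyToken(token, audience, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;

  // 1. Check the signature over the raw bytes before trusting any claim.
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;

  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // 2. Pin the algorithm; never take it from the token ("alg":"none" is rejected).
  if (!head || head.alg !== 'HS256') return null;
  // 3. The token must be meant for this embedding origin and not expired.
  if (!claims || claims.aud !== audience) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}

// Constructed sample values: the token is placed in the iframe URL.
const DEMO_SECRET = crypto.randomBytes(32);
const DEMO_AUD = 'https://partner.example';
const demoToken = issueToken('user-42', DEMO_AUD, DEMO_SECRET);
const demoIframeSrc = `https://app.example/embed?token=${encodeURIComponent(demoToken)}`;
console.log(demoIframeSrc, verifyToken(demoToken, DEMO_AUD, DEMO_SECRET));
```

Whoever validates the token needs the key, so with HS256 the secret has to be shared with that party; an asymmetric algorithm would let them verify with a public key only.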