Multi-site login ala Google

I’m not sure that the title is absolutely right for the question, but I can’t think of another way to put it.

Suppose you wanted to create several different web applications, but you wanted a user who was registered in one application to be able to go directly to another application without re-registering (provided that they have perms to look at the other application as well). If I'm not mistaken, if you are logged in to Gmail, you can go directly to your iGoogle, Google Reader, etc. without logging in again (if you configured it correctly).

How would you approach this? What would you use? Suppose the applications already exist and you do not want to change the login page for users.

+4
source share
5 answers

What you are looking for is called Single Sign On. If you follow the link, you will find several implementations.

OpenID, which others have talked about, is not such a scheme that requires a separate login for each site. OpenID is simply a general authentication system.

+6
source

You issue a cookie against foo.com, which will then be visible on app1.foo.com and app2.foo.com.

Each application can then use a cookie to access a centralized authentication system.

+3
source

Try CAS; it should provide the features you are looking for.

+3
source

What you want is single sign-on (SSO).

There are two approaches to solving this problem:

  • Roll your own implementation. In its most trivial form, it can be implemented by the first site setting a cookie that contains a ticket for a registered user, and the second site checking this ticket and accepting the registered user. There are quite a few potential errors here:

    • you need to protect yourself from information disclosure - make sure that the ticket does not contain the actual user credentials.
    • you need to protect yourself from spoofing - a man in the middle steals a valid ticket and impersonates one of your users.
    • and others
  • Adopt third-party single sign-on. Google, Microsoft, Facebook, and other large companies allow you to integrate with their identity providers so that your users log in on their site and they handle validation, ticket issuance, and so on. There is also OpenID, which is an open protocol that you can use to enable single sign-on to your site through almost any identity provider that supports OpenID. The potential flaw here is that someone else controls your access to your users' identities and may limit the capabilities that you can offer and the data that you can use for your users.

+2
source
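The ticket-in-a-cookie scheme from the answer above, combined with the parent-domain cookie from the foo.com answer, as an added example (not code from any of the posters). The cookie name, the 15-minute lifetime and the HMAC key shared between the login service and the applications are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

COOKIE_NAME = "sso_ticket"   # hypothetical cookie name
PARENT_DOMAIN = "foo.com"    # parent domain, so app1.foo.com and app2.foo.com both receive it
TICKET_TTL = 900             # assumed ticket lifetime in seconds

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str, key: bytes) -> str:
    return b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_ticket(user_id: str, key: bytes, now: Optional[float] = None) -> str:
    """Login service: sign an opaque user id and an expiry, never the credentials."""
    now = time.time() if now is None else now
    body = b64e(json.dumps({"uid": user_id, "exp": int(now) + TICKET_TTL}).encode())
    return f"{body}.{sign(body, key)}"

def verify_ticket(ticket: str, key: bytes, now: Optional[float] = None) -> Optional[str]:
    """Application: return the user id, or None if forged, altered, malformed or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = ticket.split(".")
        # Constant-time comparison, and the signature is checked before parsing.
        if not hmac.compare_digest(sig.encode(), sign(body, key).encode()):
            return None
        claims = json.loads(b64d(body))
        return claims["uid"] if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def set_cookie_header(ticket: str) -> str:
    """Secure keeps the ticket off plain HTTP; HttpOnly hides it from page scripts."""
    return (f"Set-Cookie: {COOKIE_NAME}={ticket}; Domain={PARENT_DOMAIN}; Path=/; "
            f"Max-Age={TICKET_TTL}; Secure; HttpOnly; SameSite=Lax")
```

The signature stops forgery and tampering, not replay of a stolen cookie; the `Secure` and `HttpOnly` flags and the short lifetime are what limit that. Any application holding the shared key can also mint tickets.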

As already mentioned, you can use something like OpenID or similar to make the process simple. Otherwise, if you roll your own, you can use a cookie to store the login; then basically ALL applications should have an entry point that mimics the base URL.

Google, for example, uses mail.google.com as a pipeline in Gmail, which allows it to read cookies stored on google.com.

0
source

Source: https://habr.com/ru/post/1277545/

