The question is admittedly a bit leading, but what I mean to ask is:
If a user logs into site X, is there a way to automatically log into site Y? Site Y utilises single sign-on via an OAuth2 service on site X, so a login via site Y would log you into site X, but not vice versa (that is, login via site X would not give you a session/cookie for site Y).
Let's say I want to minimize the barriers for login, so if I can get a user authenticated into site Y without a single dialog, confirmation, or popup, that is ideal.
Take for example, Stack Exchange. How do they log you in automatically if your session cookie for Programmers SE has expired, but not the cookie for StackOverflow?
e.g. This!
One "solution" I thought of was:
Site X is configured to allow site Y authorization with an implicit grant, so users will no longer have to acknowledge authorization. Upon login via site X, open a hidden/invisible modal to siteY.com/oauth, which automatically authorises the user and saves a session cookie. Upon travel to site Y, user is simply continuing their session, as the cookie was created earlier.
Does that make sense?
Best Answer
We created the same feature using OAuth2. Probably use the same method that Site Y is using to automatically log in to Site X. Try to create an endpoint on Site Y where Site X can pass an accessToken. Site Y will then validate the accessToken passed by Site X; if the accessToken is valid, create a session. Hope this helps.
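One way to implement the validation step the answer describes, as an added example that is not part of the original answer. It assumes Site X exposes RFC 7662-style token introspection; the client id `site-y`, the function names and the token table are constructed for illustration, and `aud` is treated as a single string.

```python
import secrets
import time

SITE_Y_CLIENT_ID = "site-y"   # assumption: Site Y's client id registered at Site X
SESSION_TTL = 3600            # assumption: one-hour Site Y session

# Constructed stand-in for Site X's introspection endpoint (RFC 7662 field names).
FAKE_SITE_X_TOKENS = {
    "tok-good":    {"active": True, "aud": "site-y", "sub": "user-42", "exp": 2_000_000_000},
    "tok-other":   {"active": True, "aud": "site-z", "sub": "user-42", "exp": 2_000_000_000},
    "tok-expired": {"active": True, "aud": "site-y", "sub": "user-42", "exp": 1_000},
    "tok-revoked": {"active": False},
}

def introspect_at_site_x(token):
    """Hypothetical back-channel call from Site Y to Site X; unknown tokens are inactive."""
    return FAKE_SITE_X_TOKENS.get(token, {"active": False})

def validate_token(token, introspect=introspect_at_site_x, now=None):
    """Return the user id if the token is usable for a Site Y login, else None."""
    now = time.time() if now is None else now
    claims = introspect(token)
    if claims.get("active") is not True:
        return None   # revoked, unknown or malformed
    if claims.get("aud") != SITE_Y_CLIENT_ID:
        return None   # issued to a different client, so not accepted as a Site Y login
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return None   # expired, or no expiry stated
    return claims.get("sub") or None

def create_session(token, sessions, now=None):
    """Site Y endpoint logic: validate the token, then issue a fresh session id."""
    now = time.time() if now is None else now
    user = validate_token(token, now=now)
    if user is None:
        return None
    session_id = secrets.token_urlsafe(32)   # new random id; the token is not the cookie
    sessions[session_id] = {"user": user, "expires": now + SESSION_TTL}
    return session_id
```

The audience check is what keeps a token that Site X issued to some other client from being turned into a Site Y session.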