Hi all!
Right now I'm trying to implement the SSO (single sign-on) feature for my applications. I have the common-auth domain and a couple of apps (domain AAA and domain BBB).
While I'm in domain AAA I sign in with the common-auth domain and get an access token (JWT) as a cookie. Then I continue interactions with the AAA domain. After that, I open the domain BBB in a new tab. The application automatically makes a query to the common-auth server. I expect that the access token cookie, which I got from AAA, will be added to the query. But it's not.
I can't fully understand why it's not working. Everything is fine in Chrome, IE, and Firefox. Obviously, there are some restrictions with cookies in Safari. But I'm just a backend developer and right now feel a bit frustrated. How can I bypass that problem? What parameters should I add to the cookie to handle cookie sharing?
Any advice or links to docs would be appreciated.
PS. I won't use cookies for tracking or for some advertisements. Only for improving user experience.