I’m writing a very simple AngularJS app to handle login, which will use the lock login page, and then store the auth token in a cookie which is then read by multiple applications we have (i.e. single sign-on). The applications we have are a mixture of AngularJS, .NET Core APIs and MVC, so this seems like a nice easy way to centralise and control login.
Are there any gotchas or potential issues I need to think about with this solution? Each application will validate the token with each request (forwarding the user to the login page if it has expired, or blocking access if the user does not have the right permissions).
Or alternatively is there a better way to do this that I’ve missed?