I want to ask you about one thing. I have two apps - frontend and backend. After user has clicked on the SSO button and he approved scope, the resource server is redirecting user to the return_url (with access code as one of arguments) which is on the backend server. Now I’m able to exchange access code and I’m getting jwt token. I have to send this token to the frontend.
But I don’t know how I can do that. Because I have to redirect user to my frontend app, so I can add jwt token to url. Should I send jwt this way? For example https://frontendserver.com/jwt_token= ?
Is it a good solution? What do you think about it?