Total beginner question, but here goes. I have one app at www.example.com. When someone browses there, they hit nginx acting as a reverse proxy. Any URL that starts with
/app gets proxied through to a custom web app at app.example.com. Any other request gets proxied through to cms.example.com. Both the
cms portions of the app have protected content, so a user needs to be authenticated with each. Naturally, I want a user to have to log in once and then be authenticated with both apps. Here are my questions:
Since both the
cmssites live at the same root domain (example.com), I can share cookies between them. Does this make something like Auth0 overkill? Would there be a simpler way to get what I want?
If Auth0 is a good fit, can someone point me to some good resources to get started? I’ve used SSO in the past from a federated identity perspective, but not as a true single sign-on solution, so I’m starting from a bit of a dead stop.
Thanks in advance.