We have a web shop and a web app (think Wordpress-hosting-like situation) on the same intranet, and would like to create an automatic login between these sites, that is, clicking “Go to web app” should automatically log you in if you’re already logged in on the web shop, and the other way around.
One complicating aspect is that the web app has its own user management system, and can add additional users without verifying email. The only unique guarantee is the combination of web app id and user id on that system.
One idea we have is to use Redis as a shared secret storage, and use a temporary shared secret to encode a JWT, and then redirect using JWT in the header. We would need to write authentication plugins to the shop system and the web app to make this work, but that shouldn’t be too hard.
Any other approaches that are recommended? Migrating the entire user base to a central IdP has been thought of but deemed pretty complex and hard.
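As an added example (not code from the question or from either system), here is the handoff sketched above in stdlib Python: a short-lived, single-use HS256 JWT whose subject is the (web app id, user id) pair, verified against a fixed issuer and audience, with the one-time `jti` kept in a dict that stands in for the shared Redis store. The names `issue_handoff`, `redeem_handoff` and `STORE` are assumptions, and the token is assumed to be carried in the redirect and redeemed exactly once by the receiving site.

```python
import base64, hashlib, hmac, json, secrets, time

STORE = {}  # constructed stand-in for Redis; in Redis, set the key with the same TTL as the token

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_handoff(secret, issuer, audience, app_id, user_id, ttl=60, now=None):
    """Mint a one-minute, single-use HS256 JWT for the cross-site hop.
    The subject is the (web app id, user id) pair, since email is not verified.
    Assumes app ids contain no ':' so the pair can be split back apart."""
    now = int(time.time()) if now is None else now
    jti = secrets.token_urlsafe(16)  # unique per token, consumed on redemption
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": audience, "sub": f"{app_id}:{user_id}",
              "iat": now, "exp": now + ttl, "jti": jti}
    enc = lambda obj: _b64(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    STORE[f"jti:{jti}"] = now + ttl  # records the token as not yet redeemed
    return signing_input + "." + _b64(sig)

def redeem_handoff(secret, token, issuer, audience, now=None):
    """Verify and consume the token. Returns (app_id, user_id) or None.
    Failed checks happen before the jti is consumed, so a bad attempt
    does not burn a legitimate token; a successful one can never replay."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(_unb64(h)), json.loads(_unb64(p)), _unb64(s)
    except (ValueError, TypeError):
        return None
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        return None  # token minted by or for a different site
    if now >= claims.get("exp", 0):
        return None  # outside the short validity window
    if STORE.pop(f"jti:{claims.get('jti')}", None) is None:
        return None  # unknown or already redeemed: treat as replay
    app_id, _, user_id = claims["sub"].partition(":")
    return app_id, user_id
```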