Is SSO (single sign-on) without redirection good?

I built an SSO server, sso.mydomain.com. The common SSO implementation is to redirect users to the SSO server to log in, then redirect back. But is it simpler to log in via Ajax on the SSO server? And it is confusing that users see a different domain when logging in.

Is there any problem with allowing JavaScript Ajax requests to the SSO server for authentication?



Solution 1:[1]

If I go to example.com and use SSO to log in using my Google account, then I get redirected to Google, enter my Google credentials there, and Google can tell example.com that I am who I say I am as it redirects me back.

To do that with Ajax I would need to give my Google credentials to example.com… and then example.com can take my Google credentials and use them to access all my Google data and every other service I use Google for SSO.

So no, it isn't good.
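
The redirect flow this answer describes, as an added example that is not part of the original answer: a single-process simulation in which the password reaches only the SSO server and the app receives just a signed assertion. The host app.example.com, the function names, the HMAC shared secret and the user store are assumptions made for illustration; production SSO would use OpenID Connect or SAML.

```javascript
// Added example: redirect-based SSO simulated in one process.
// Hypothetical names and URLs; the shared-secret HMAC stands in for a real OIDC/SAML assertion.
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const SHARED_SECRET = 'constructed-demo-secret'; // known to the SSO server and the app only
const ALLOWED_RETURN = new Set(['https://app.example.com/callback']); // registered callbacks
const sign = (data) => createHmac('sha256', SHARED_SECRET).update(data).digest('hex');

// App (relying party): starts login with a redirect; it never asks for a password.
function appStartLogin(session) {
  session.state = randomBytes(16).toString('hex'); // binds the callback to this session
  const u = new URL('https://sso.mydomain.com/login');
  u.searchParams.set('return_to', 'https://app.example.com/callback');
  u.searchParams.set('state', session.state);
  return u.toString();
}

// SSO server: the only party that receives the password, on its own origin.
function ssoHandleLogin(loginUrl, username, password, users) {
  const q = new URL(loginUrl).searchParams;
  const returnTo = q.get('return_to');
  if (!ALLOWED_RETURN.has(returnTo)) return null; // refuse unregistered return addresses
  if (typeof password !== 'string' || users[username] !== password) return null; // demo store
  const payload = JSON.stringify({ user: username, state: q.get('state'), exp: Date.now() + 60000 });
  const back = new URL(returnTo);
  back.searchParams.set('assertion', payload);
  back.searchParams.set('sig', sign(payload));
  return back.toString(); // redirect target: carries identity, not the password
}

// App callback: checks the SSO server's signature, then the state and the expiry.
function appHandleCallback(callbackUrl, session) {
  const q = new URL(callbackUrl).searchParams;
  const payload = q.get('assertion') || '';
  const given = Buffer.from(q.get('sig') || '', 'hex');
  const expected = Buffer.from(sign(payload), 'hex');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const { user, state, exp } = JSON.parse(payload);
  if (state !== session.state || Date.now() > exp) return null;
  return user;
}
```

In the Ajax variant the question proposes, the page on the app's origin would collect the password itself before sending it on, so the separation shown here between `ssoHandleLogin` and the two app functions is lost.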

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Quentin