How best to share a token across subdomains?

We have multiple ReactJS apps under the same primary domain:

And we’d love the user to log in once, and when they go to the next domain, they don’t have to be resent to Okta to get a token for that domain. What is the best way to pass this token around? I see the okta client can be set to use a cookie but it appears that the cookie is not a domain level cookie, instead, it’s specific to the subdomain. Do I need to do something custom here?


We recommended by Okta support to set up a custom domain, per Looks promising!

1 Like

Also see that a custom storage provider is possible, exploring this route now

The custom storage provider is working really well, following how Okta is writing to cookies (given the size constraints)

1 Like