How best to share a token across subdomains?

We have multiple ReactJS apps under the same primary domain:

http://search.domain.com/
http://pages.domain.com/
http://me.domain.com/

And we’d love the user to log in once, and when they go to the next domain, they don’t have to be resent to Okta to get a token for that domain. What is the best way to pass this token around? I see the okta client can be set to use a cookie but it appears that the cookie is not a domain level cookie, instead, it’s specific to the subdomain. Do I need to do something custom here?

Thanks,
David

We recommended by Okta support to set up a custom domain, per https://developer.okta.com/docs/guides/custom-url-domain/overview/. Looks promising!

1 Like

Also see that a custom storage provider is possible, exploring this route now https://github.com/okta/okta-auth-js#storage

The custom storage provider is working really well, following how Okta is writing to cookies (given the size constraints) https://github.com/okta/okta-auth-js/blob/master/lib/TokenManager.ts#L230

1 Like