Скачать или смотреть How to Pass Authentication Tokens Between Websites Using IIS and Node.js

Learn how to securely pass JWT tokens from one website to another during redirects in a Single Page Application (SPA) using `Node.js` and `IIS`.
---
This video is based on the question https://stackoverflow.com/q/60555643/ asked by the user 'Ahmad Behzadi' ( https://stackoverflow.com/u/4192800/ ) and on the answer https://stackoverflow.com/a/72326036/ provided by the user 'Ahmad Behzadi' ( https://stackoverflow.com/u/4192800/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Passing authentication token in header while redirecting to a new SPA page

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/l...
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
How to Pass Authentication Tokens Between Websites Using IIS and Node.js

Redirecting users between different websites while maintaining session integrity through authentication tokens can be a challenging task. This guide will discuss a common scenario where one website needs to pass a JWT (JSON Web Token) authentication token to another Single Page Application (SPA) while using IIS for web hosting.

The Scenario: Websites A and B

Imagine you have two websites:

Website A: The sender, which wants users to be redirected to another application.

Website B: An Angular SPA that requires users to be authenticated with a JWT.

Here's the flow:

User visits Website A and successfully logs in.

Website A wants to redirect this user to Website B, but it must pass the JWT token to maintain the user's session without requiring them to log in again.

The main challenges arise because:

Website A sends the token in a header during a POST request when redirecting to Website B.

The Angular application cannot directly access those headers once they are passed to IIS, which serves the index.html file.

The Solution

To resolve these challenges, we devised an effective workaround using a combination of Node.js and IIS. Let’s break it down into specific steps:

Step 1: Create a Node.js Backend

Instead of relying solely on IIS, we created a simple Node.js application that serves the Angular files. This application acts as a bridge between Websites A and B.

Step 2: Implementing Token Transfer

Passing the Token: When Website A redirects users to Website B, it sends the JWT as a header in a POST request to the Node.js application.

Example of how the token can be sent:

[[See Video to Reveal this Text or Code Snippet]]

Storing the Token: Once the Node.js application receives the token in the header, it will return this token as a cookie in the response. This way, the token can be easily accessed when the Angular SPA is loading.

Step 3: Adjustments for Angular Application

When the Angular application loads:

It can read the JWT token from the cookies using a service or directly through JavaScript.

This seamless token retrieval allows the user to remain authenticated without needing to log in again.

Step 4: Hosting the Node.js Application

Finally, to integrate this into your existing setup:

Deploy the Node.js application within your IIS environment. This allows you to manage both the node app and Angular app under the same server infrastructure.

Conclusion

This solution bridges the communication gap between two distinct websites while ensuring users maintain a single session through effective JWT management. If you find yourself in a similar situation, this approach can save time and enhance security.

By implementing the above strategy, you will ensure your applications remain connected with fast transitions and secure authentication measures in place.

Feel free to reach out with any questions or comments!