"When we try to pick out authentication by itself, we find it hitched to everything else in the Universe."
What's the advice for achieving authentication across sub-domains?
I would like users to authentication using
auth.example.comand user data to be accessible at
Assume a web app with no shared database between the two apps.
My thinking thus far is that
auth.example.comcould pass a session id to the main app through the user agent and the main app then uses that session id as proof of identity when making an api call to