Directus SSO authentication
Unanswered
American black bear posted this in #help-forum
American black bear (OP)
Hey there o/
I'm using Directus for my backend and I'm facing a very nasty issue that I'm unaware of how to solve nicely. Currently, my problem is with the way Directus SSO handles authentication. I have made an issue to hopefully discuss it with their team, but I thought I might as well go ahead and post here in case someone has prior experience with this.
https://github.com/directus/directus/issues/23977
tl;dr, when doing SSO with Directus from another application, when the SSO workflow successfully goes through, Directus only sets a session cookie for its own domain in the user's browser.
That makes it impossible for the server application on a different domain (for example Next.js) to read the cookie server side and protect routes, get resources on behalf of the user (when it's doing SSR, for example) and so on.
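Added example, not part of the original post and not Directus code: a simplified model of the browser's cookie scoping rules (RFC 6265 domain matching) showing why a session cookie set by one host never reaches a server on a different domain. The hostnames and the cookie name are constructed, and the sketch goes slightly beyond the post by also covering the shared-parent-domain case.

```javascript
// Constructed hostnames and cookie name; none of them come from the post.
const DIRECTUS_HOST = "cms.example.com";
const COOKIE_NAME = "session_cookie";

// RFC 6265 section 5.1.3: does `host` domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie the way a browser does (RFC 6265 section 5.3, simplified:
// no public-suffix list, Path, Secure, SameSite or expiry handling).
function storeCookie(setByHost, name, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact setting host.
    return { name, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A server may only set cookies for its own host or one of its parents.
  if (!domainMatch(setByHost, domain)) return null; // browser drops the cookie
  return { name, domain, hostOnly: false };
}

// Would the browser attach `cookie` to a request going to `requestHost`?
function isSentTo(cookie, requestHost) {
  if (!cookie) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// The three situations relevant to the post.
function scenarios() {
  const hostOnly = storeCookie(DIRECTUS_HOST, COOKIE_NAME, null);
  const parent = storeCookie(DIRECTUS_HOST, COOKIE_NAME, "example.com");
  const foreign = storeCookie(DIRECTUS_HOST, COOKIE_NAME, "example.net");
  return {
    hostOnlyToBackend: isSentTo(hostOnly, "cms.example.com"),
    hostOnlyToOtherDomain: isSentTo(hostOnly, "app.example.net"),
    parentToSiblingApp: isSentTo(parent, "app.example.com"),
    parentToOtherDomain: isSentTo(parent, "app.example.net"),
    foreignDomainStored: foreign !== null,
  };
}

console.log(scenarios());
```

Only the shared-parent case reaches a second host; a backend cannot scope a cookie to an unrelated domain, because the browser discards it at storage time.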