I have a question about best practices around using a single Dgraph Cloud API as the backend for multiple sites.
Given I have main.site, foo.site and bar.site and they all use the same Dgraph Cloud API, then would it be a bad idea for the user to be logged into all 3 sites after logging into one? i.e. One JWT that is used to auth a user against the GraphQL as well as all of the websites.
Or would it be better for users to have to log into each site individually and generate an individual JWT for each site, even though this JWT is used to auth against the same Dgraph Cloud instance?
How I imagine the second scenario working is to create a pseudo-single-sign-on that works like this:
- User visits foo.site
- User clicks a button that says “Login with main.site”
- User is redirected to https://main.site/foo-login
- The /foo-login page pings an endpoint in our backend that first verifies the main.site JWT, then if valid generates a new JWT for foo.site
- User is redirected back to foo.site with the foo.site JWT saved to their cookies and is then logged in