I have two solutions under the same domain. The first one is MVC application with authentication based on IS4 OpenID Connect provider, I'm using code flow. The second one is Angular SPA application with backend on ASP .NET Core ( server just serves static files), authentication here also should be covered by IS4. My question is how can I share authentication state of MVC app with SPA app and vice-versa. Also I can add that it's not necessary to have two separated clients. Authentication can be shared under one client for both applications. Thanks.
Example: mysite.com/page1 - MVC-client, mysite.com/page2 - SPA-client
Authentication state will be separate since they use two incompatible technologies:
What is common though is the SSO session cookie with Identity server, so after signing on to App 1 you can Single Sign On to App 2 - without a second login for the end user.
This is how separate OAuth apps are meant to behave - the separate redirects mean they can get access tokens with different levels of access to APIs.
This is the simplest solution and any other option could require a lot of re-engineering and has the potential to become a little hacky.