I have a product which uses Angular as the frontend and DRF as the backend. It uses JWT tokens for authentication. Currently I'm adding SAML SSO to the product; at the ACS endpoint I'm able to verify the SAML response (IdP-initiated) and verify the user. I have created a JWT token for the user. Now, how do I send the JWT token when redirecting to the landing page of the Angular application? (When the user was logging in with a password, an HTTP POST request was sent to verify the password, and the token was set in the HTTP response.) But now there is no request from the UI to which the token can be sent as a response. I can't send the JWT as a query param in the redirect request (security risk?). Suggest a way to set the token in the browser.
There are two applications, app A, and app B.
App A is responsible for the authorization and authentication of users and for providing tokens to users to use apps A and B.
App B is a standalone app that shares some data with authenticated users.
App B relies on App A to identify the users.
App B does not have any login page or signup page!
To access App B, users must log in through App A; then, after a successful login, users are redirected to the landing page of App B.
The question is how to provide access tokens to App B?