Automatic cookie single sign on on multiple domains - like google

眼角桃花 2021-01-30 17:36

I don't understand how Google achieves the following mechanism of single sign-on:

  1. I log in to Gmail, for example (I suppose this creates a cookie with my authorizatio
5 answers
  •  长发绾君心
    2021-01-30 18:09

    Cookies and localStorage can be shared between domains using an intermediate domain. On the home page is embedded an "iframe", which accesses cookies and sends messages to the main.

    mail.google.com and youtube.com can share the cookies using accounts.google.es. Open Chrome->Inspect->Resources->Local storage and you will see in accounts.google.com the authentication token in JWT format.

    I have detailed the technical steps in this answer: https://stackoverflow.com/a/37565692/6371459. Also take a look at https://github.com/Aralink/ssojwt to see an implementation of a Single Sign On using JWT in a central domain.
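
The iframe approach in the answer above is only as safe as the origin checks on both ends of the `postMessage` exchange. The sketch below is an added example, not part of the answer or of the linked ssojwt repository; the origins, message types and function names are assumptions chosen for illustration.

```javascript
// Added example. All origins, message shapes and names here are assumptions.
const HUB_ORIGIN = 'https://sso.example';   // central domain that serves the iframe
const ALLOWED_CLIENTS = new Set(['https://mail.example', 'https://video.example']);

// Runs inside the hidden iframe served from HUB_ORIGIN. `storage` is the hub's
// own localStorage, the only place the token is kept.
function makeHubHandler(storage) {
  return function onMessage(event) {
    // event.origin is set by the browser; the sending page cannot forge it.
    if (!ALLOWED_CLIENTS.has(event.origin)) return false;
    if (!event.data || event.data.type !== 'sso:get-token') return false;
    // Reply with an explicit targetOrigin, never '*', so the token is delivered
    // only if the requesting window still holds the origin that asked.
    event.source.postMessage(
      { type: 'sso:token', token: storage.getItem('jwt') }, event.origin);
    return true;
  };
}

// Runs in the embedding page (for example https://mail.example).
function makeClientHandler(hubWindow, onToken) {
  return function onMessage(event) {
    // Accept a token only from the hub iframe: check origin and source window.
    if (event.origin !== HUB_ORIGIN || event.source !== hubWindow) return false;
    if (!event.data || event.data.type !== 'sso:token') return false;
    onToken(event.data.token);
    return true;
  };
}

// Browser wiring (shown as comments so the file also runs under Node):
//   iframe: window.addEventListener('message', makeHubHandler(localStorage));
//   page:   window.addEventListener('message',
//               makeClientHandler(frame.contentWindow, useToken));
//           frame.contentWindow.postMessage({ type: 'sso:get-token' }, HUB_ORIGIN);

// Constructed simulation of one request reaching the hub from `requestOrigin`.
function simulate(requestOrigin) {
  const storage = { getItem: (k) => (k === 'jwt' ? 'constructed.jwt.value' : null) };
  const sent = [];
  const source = { postMessage: (data, targetOrigin) => sent.push({ data, targetOrigin }) };
  const hub = makeHubHandler(storage);
  const handled = hub({ origin: requestOrigin, data: { type: 'sso:get-token' }, source });
  return { handled, sent };
}
```

Current browsers partition or block storage in third-party iframes, so the hub frame may find its store empty when embedded; the origin checks apply regardless of how the hub obtains the token.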
