Continuing your example, you could integrate main.com with supertokens. Post login, you can send off the JWT (which is accessible from the frontend), to your other sites. Those sites can then use this JWT for creating their own session (via supertokens again!). However, you would need to build in logic to make sure that the JWT is being transferred in a secure way - which is essentially implementing one of the OAuth protocols