This is kind of my situation too Isn t the point of SSO to b

Question

This is kind of my situation too Isn t the point of SSO to be able to login to multiple websites that have different domains What exactly is ory hydra able to do that supertokens cannot I have 3 sister websites with different domains I m looking to migrate part of their DBs to supertokens or ory in order to have SSO between them But I still need to have it so that people have to actually register on each site to activate their profiles Tho it should detect their username email address when they ve already signed up for one of the other sites

rp · Answer

Hey < derptacious>

rp · Answer

SuperTokens is not yet an OAuth provider So for example we don t have the authorisation code grant flow out of the box which is used to transfer a session across multiple domains

rp · Answer

However that s only useful when you have one common login domain for all sites

rp · Answer

In your case since each site has it s own login you don t need OAuth

rp · Answer

And therefore you can use SuperTokens on each site without any issues

rp · Answer

In order to share the same user pool across all the sites you can make each site connect to the same SuperTokens core

rp · Answer

About ease of use for us vs Ory i am of course biased but its easier to make customisations on the backend APIs using SuperTokens as long as your backend is in node golang or python Have a look at our architecture page to get an understanding of how it all works

derptacious · Answer

so each server would run its own supertokens service and those services would somehow sync with each other or one is a source of truth

derptacious · Answer

i would like to be able to shut down one server without people losing the ability to login to the others

derptacious · Answer

each of the three sites is on a separate server

derptacious · Answer

i could migrate them all to one server maybe but im also curious about having the ability to not do that

rp · Answer

Each site s backend would integrate with our backend SDK The backend SDK would then talk to the SuperTokens core The same SuperTokens core would be shared across all the backends

derptacious · Answer

where is the supertokens core hosted

rp · Answer

> i would like to be able to shut down one server without people losing the ability to login to the others > each of the three sites is on a separate server This is possible

derptacious · Answer

this is all 100 self hosted as I understand it

rp · Answer

> where is the supertokens core hosted You can either self host it connected to your own db Or you can sign up on supertokens com to get a managed core

rp · Answer

what kind of login method are you looking for

rp · Answer

email password + social Or something else

derptacious · Answer

zero social

derptacious · Answer

we currently have username or email address in login field plus password

rp · Answer

Got it So checkout this https supertokens com docs emailpassword introduction

derptacious · Answer

but we will have to merge people s accounts across 3 sites into the auth provider we end up choosing

derptacious · Answer

because many have already registered accounts mostly using the same email address across the sites

rp · Answer

Yea since they will be sharing the same SuperTokens core that can be done easily

rp · Answer

And you can also add a username field to the login form and use that for login via some customisations

derptacious · Answer

so which of the 3 sites servers would i host supertokens core on

derptacious · Answer

or could i host it on more than one and one is active passive

rp · Answer

The supertokens core would just be a microservice that the backend of these sites would talk to

derptacious · Answer

each site s stack is running in docker behind traefik btw

rp · Answer

I suggest that you checkout https supertokens com docs emailpassword architecture to understand how SuperTokens works

rp · Answer

And then maybe it would be clearer

derptacious · Answer

will do

derptacious · Answer

any idea about xenforo integration

rp · Answer

That i don t know much about

rp · Answer

But if you have any specific questions I can help

derptacious · Answer

ok thx

derptacious · Answer

much appreciated

rp · Answer

Well it uses PHP

rp · Answer

we don t have a PHP SDK

rp · Answer

This means that you will have to spin up a node server which uses our node SDK for each of the three sites

rp · Answer

node python or golang

derptacious · Answer

ya this is not a good sign https xenforo com community threads how to use sso single sign on with existing website login 183457

derptacious · Answer

I guess Ory has a PHP sdk tho

derptacious · Answer

in order to talk to one xenforo instance

rp · Answer

Well yea but any customisation you want to make wouldn t really be in the PHP side

rp · Answer

> in order to talk to one xenforo instance Yea The frontend would query the node server for sign up sign in sign out etc and on sign in it would create a session with a JWT The JWT can be passed to the php backend APIs to auth your APIs

derptacious · Answer

ok i gotta look into how to do that with xenforo more

derptacious · Answer

unfortunately it is the only decent forum software I ve found these days

derptacious · Answer

this infinite scroll crap and layout of discourse seems totally destructive to discourse geeks adapt to it but most don t

rp · Answer

hmmm

rp · Answer

Well if you like you can always book a call with us from our site to discuss this in detail Would be happy to help

derptacious · Answer

thanks when we get further along perhaps to verify our architecture is coherent Thanks

rp · Answer

Sounds good