11/28/2022, 8:21 PM
Hi, we're currently implementing SuperTokens in my team and we'd like to use the same API to authenticate on two different domains. I've seen this page which explains how to do it with different subdomains. Is it possible to do it with multiple domains as well?


11/29/2022, 5:46 AM
hey @edistra
It is possible. The easiest method would be to:
- Enable the JWT feature in sessions.
- Send the JWT to your APIs for verification, and those APIs then verify the JWT using the JWKs endpoint exposed by our backend SDK.
- Session refreshing, login, sign out would still happen via just one of the API endpoints (whichever you choose). But make sure that that API endpoint shares the same base domain as the website domain, else browsers like Safari will not allow sending cookies.