As you may know, Hashnode is a community of independent developers who blog on their own domain. Hashnode users discover content published by the bloggers on their feed. Since our users are logged in on Hashnode and not the custom domains where the articles live, we had to carry the session forward somehow.
For example, I am logged in on Hashnode, but I am reading content published on a different Hashnode-powered domain. For example:
Initially, we relied on third-party cookies for authentication. We waited for the page to load fully and then made an API call to Hashnode to fetch the currently logged-in user. It worked quite well. However, we soon realized that Safari blocks all third-party cookies! So, we decided to implement SSO on Hashnode and activated it only for Safari users. Here is the flow:
This worked quite well, but as you may have guessed, the redirection process took a bit of time. Our edge caching didn't really matter, since we redirected the requests to Hashnode before serving the content. But this flow was in place just for Safari. For Chrome, Firefox and other browsers, we served content straight away from our edge cache and used third-party cookies to communicate with Hashnode.
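The third-party-cookie call described above only works if the central API handles credentialed cross-origin requests carefully. The following is an added example, not Hashnode's code: the cookie name `sid`, the blog origins and the helper names are all constructed for illustration. It shows the server-side checks such a "who is logged in?" endpoint needs when the blog page calls it with `fetch(url, { credentials: "include" })`.

```javascript
// Added example: cookie name, origins and function names are assumptions.
const SESSION_COOKIE = "sid";
const ALLOWED_ORIGINS = new Set([ // constructed allowlist of blog domains
  "https://blog.example.dev",
  "https://notes.example.org",
]);

// A cookie is only sent on a cross-site fetch if it is SameSite=None and Secure.
function sessionCookie(value) {
  return `${SESSION_COOKIE}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=None`;
}

// Credentialed CORS: echo the exact allowlisted origin, never "*".
// Vary: Origin stops a shared cache from replaying one blog's headers to another.
function corsHeaders(origin) {
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Allow-Origin header: the browser hides the response
  }
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Extract the session id from a Cookie header; null if absent or malformed.
function readSession(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1 || part.slice(0, idx).trim() !== SESSION_COOKIE) continue;
    try {
      return decodeURIComponent(part.slice(idx + 1).trim());
    } catch (e) {
      return null;
    }
  }
  return null;
}

// Answer the request. A browser that blocks third-party cookies sends no
// Cookie header, so the same code path simply reports an anonymous reader.
function currentUser(req, sessions) {
  const headers = corsHeaders(req.headers.origin);
  const sid = readSession(req.headers.cookie);
  const allowed = "Access-Control-Allow-Origin" in headers;
  const user = allowed && sid ? sessions.get(sid) || null : null;
  return { status: 200, headers, body: { user } };
}
```
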