Hopefully the question captures it. Basically I'm trying to provide a means for third-party apps to authenticate users into our app environment. Our apps use a JWT stored as a cookie in the browser, which is set in the response to the auth API request. I've spun up a test app to prove out the idea, but I can't seem to get the cookies to be set in the browser, despite the fact that a similar endpoint works just fine for authenticating our own apps.
This is the flow I'm trying to achieve:
- Third-party app passes user credentials to auth API endpoint.
- API endpoint validates credentials.
- If successful, JWT generated and attached to response as cookie (our domain).
- Third-party app redirects to our domain.
I fear I'm missing something fundamental here. Is this even possible, or should I be looking for a different way of doing this?
FYI, I'm using DotNet Core for the API and Blazor Server for the front end.
