How can I have one web service provide a front-end authorization process (login form, Facebook login, Google login, etc.) for a second NodeJS application?
Scenario:
WEB APPLICATION @ www.first_domain.com
- Hosted in IIS
- Provides a web service with OAuth support
- Web-based login form
NODE.JS APPLICATION @ www.second_domain.com
- Hosted on Heroku
- Node.JS handles all api / web service calls
- AngularJS app must only call this server
I know the web application has the ability to take a URL as the return path, once a login is complete, and send the user back to the site via the browser. However, I've been told to NOT allow the Angular application to communicate with the other web application directly... IF there is another way (basically using the NodeJS application like a proxy).
Another concern I have is how to maintain the session token from the other web application. The NodeJS application has the responsibility to use the other application and web service to ensure the session remains valid.