Background:
Suppose we have an app, server and database in mainland China, with an independent domain name aaa.com.
In Hong Kong there is a web app, with its server and database in Hong Kong and an independent domain name bbb.com.
The current situation is that if a domestic user logs in on the app (aaa.com data interface) and accesses the content of bbb.com through a WebView, since the token is issued by aaa.com and bbb.com does not know it, the user needs to register on bbb.com and log in again to get a token issued by bbb.com. This kind of user experience is so bad that we think we need to optimize it. We don't need to log in to bbb.com anymore.
So our colleagues have two plans to implement:
1. Share the Redis service within the territory with the Hong Kong server. Even after the WebView of the app goes cross-domain, users no longer need to log in to access it.
2. The domestic server issues a JWT; domestic and overseas use the same secret, and the payload carries the information of the user's domestic server. All operations of a legal token are recognized abroad.
I would like to ask you which scheme is more feasible in practical work.
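
Plan 2 sketched with the Python standard library, as an added example that is not part of the original post: aaa.com signs a short-lived HS256 token and bbb.com verifies it with the same secret. The function names, the `iss`/`aud`/`exp` claim layout, the 300-second lifetime and the secret value are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: one HS256 key provisioned on both sites (constructed demo value).
SHARED_SECRET = b"constructed-demo-secret"

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, now=None, ttl=300, aud="bbb.com"):
    """aaa.com side: short-lived token bound to one audience."""
    now = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": "aaa.com", "aud": aud, "sub": str(user_id),
              "iat": now, "exp": now + ttl})
    body = ".".join(b64e(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return body + "." + b64e(sign(body))

def verify_token(token, now=None, expected_aud="bbb.com"):
    """bbb.com side: return the claims or raise ValueError."""
    now = int(time.time() if now is None else now)
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(b64d(h64)), b64d(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(sig, sign(h64 + "." + c64)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(c64))
    if claims.get("iss") != "aaa.com" or claims.get("aud") != expected_aud:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

With a shared HS256 secret, either site can mint tokens the other accepts, and a token stays valid until `exp` because there is no server-side session to delete, unlike the shared Redis plan.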