I own 2 websites A and B. This means I can put any code on each of the websites and run it there. However, I can't access the database of the other website from one of the sites.
Recently, I needed a way to make a link on website A to website B but I needed the user to be automatically authenticated on website B when he clicks on the link if he was authenticated on website A.
So what I have done is the following:
- Create a page on website A that redirects to a page on website B giving it as a parameter the username and id encrypted along with a passphrase (using the mcrypt library)
- Check on website B using curl if the id belongs to the same user as the username and in this case accept the connection.
This works well. However, I feel like this is not really the way to go as it is not really secure. For now, those are toy websites so I don't really care.
Is there a better way to perform cross-site authentication?
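
The handoff described in the question, as an added example that is not part of the original post: site A issues a short-lived token carrying the username and id, and site B verifies it before accepting the session. It swaps the mcrypt encryption for an HMAC-SHA256 signature so that B can detect a modified parameter. The shared secret, function names, claim names and 60-second lifetime are assumptions.

```php
<?php
// Added example: signed, short-lived handoff token. All names here are hypothetical.
const SHARED_SECRET = 'replace-with-32-random-bytes'; // placeholder; same value on A and B
const TOKEN_TTL = 60;                                 // seconds the link stays valid

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt) {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($txt, '-_', '+/'), true); // false on invalid input
}

// Site A: build the token that goes into the redirect URL.
function issue_token(string $username, int $id, int $now): string {
    $payload = json_encode(['u' => $username, 'id' => $id,
        'exp' => $now + TOKEN_TTL, 'n' => bin2hex(random_bytes(8))]);
    $mac = hash_hmac('sha256', $payload, SHARED_SECRET, true);
    return b64url_encode($payload) . '.' . b64url_encode($mac);
}

// Site B: return the claims if the token is authentic and unexpired, else null.
// To make the link single-use, B would also store 'n' until 'exp' and reject repeats.
function verify_token(string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $payload = b64url_decode($parts[0]);
    $mac = b64url_decode($parts[1]);
    if ($payload === false || $mac === false) return null;
    $expected = hash_hmac('sha256', $payload, SHARED_SECRET, true);
    if (!hash_equals($expected, $mac)) return null;       // constant-time comparison
    $claims = json_decode($payload, true);
    if (!is_array($claims) || !isset($claims['u'], $claims['id'], $claims['exp'])) return null;
    if (!is_int($claims['exp']) || $claims['exp'] < $now) return null;
    return $claims;
}

// Constructed sample run: a fresh token, an expired one, and a modified payload.
$now = time();
$token = issue_token('alice', 42, $now);
[$p, $m] = explode('.', $token);
$modified = b64url_encode(str_replace('alice', 'admin', b64url_decode($p))) . '.' . $m;
var_dump(verify_token($token, $now));                  // claims array
var_dump(verify_token($token, $now + TOKEN_TTL + 1));  // past expiry
var_dump(verify_token($modified, $now));               // signature no longer matches
```

The token is signed, not encrypted, so the username and id are readable in the URL; the redirect should go over HTTPS.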