Auto Login Specification for Pugpig Bolt Web Reader
Bolt Web supports the ability to automatically sign users in if they're already signed in to another specified website. A key use case for this is customers using Bolt Web as their solution for edition reading, while the rest of their content or experience is hosted elsewhere.
This doc details how this needs to be set up across both Bolt Web and the other site(s) in order to work seamlessly.
1. Auth Setup
Both the Client Website and Pugpig Bolt Web reader should have authentication fully configured (so theoretically we can login via the user interface if needed).
2. Cross Domain Cookie
Once logged in, the client website should drop a cross-domain cookie containing the authentication token.
The cookie should be made accessible to the Pugpig Bolt Web domain (e.g. app.clientname.com).
The cookie name should preferably be human readable such as: _client-session-token.
3. Notification of Cookie Name
Pugpig should be notified of the cookie name so that the product can be configured to read from it when it exists.
4. Login Verification
If the setup is correct, when a Bolt Web reader is visited, it should verify the token and log in using the cookie. Once you have provided us with the cookie name we will test end to end and confirm everything is working as expected.