App ID requirements for white label partnerships

I’m currently setting up partnerships for white label applications and have some questions about the technical aspects. Is it necessary for each of our white label partners to obtain their unique app ID from the service?

Alternatively, can we facilitate user authentication through domain redirection? For example, users might access something like partner.mysite.com, log in using our main site at mysite.com, and then be directed back to partner.mysite.com.

Imagine a situation where a user goes to partner.myapp.com, logs in there, our backend at myapp.com manages their information, and then they are redirected back with an active session.

What is the ideal method for implementing this white label authentication process?

I’ve dealt with this exact scenario when we launched our partner program last year.

Don’t use separate app IDs for each partner. It’s a maintenance nightmare and makes tracking analytics way harder.

The domain redirection method you described works well. We do something similar - partners send users to our auth endpoint with a return URL parameter. After login, we redirect back to their domain with a secure token.

Here’s what worked for us:

  • Single app ID for all white label partners
  • Partner identification through subdomain or URL parameter
  • Centralized user database with partner association
  • JWT tokens for session management across domains

Make sure your CORS settings allow the partner domains and validate return URLs against a whitelist of approved partner domains.

One thing to watch out for - some browsers are getting stricter with third-party cookies. We had to implement a popup flow for Safari users because of their cookie policies.

Your backend approach for handling user info and redirecting with an active session is right. Just use HTTPS everywhere and validate all redirect URLs properly.
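
The return-URL check recommended in the answer above, sketched as an added example (not part of the original post and not the poster's code). The partner hostnames, the `token` query parameter and the function names are assumptions chosen for illustration.

```javascript
// Constructed allowlist of approved partner hosts (placeholder names).
const APPROVED_PARTNER_HOSTS = new Set([
  "partner.mysite.com",
  "acme.mysite.com",
]);

// Returns a parsed URL object if the return URL is safe to redirect to, else null.
function validateReturnUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative or scheme-less input throws
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;    // HTTPS everywhere
  if (url.username || url.password) return null; // userinfo can disguise the real host
  if (url.port !== "") return null;              // default HTTPS port only
  // Exact match on the parsed hostname. Substring or suffix checks on the raw
  // string would also accept look-alike hosts that merely contain a partner name.
  if (!APPROVED_PARTNER_HOSTS.has(url.hostname)) return null;
  return url;
}

// Builds the post-login redirect, or returns null so the caller can fall back
// to a fixed default page instead of redirecting to an unapproved location.
function buildPartnerRedirect(rawReturnUrl, token) {
  const url = validateReturnUrl(rawReturnUrl);
  if (url === null) return null;
  url.hash = "";                        // drop any caller-supplied fragment
  url.searchParams.set("token", token); // overwrites a pre-set token parameter
  return url.toString();                // redirect to the normalized form, not the raw input
}
```

Redirecting to the normalized string that the parser produced, rather than the raw parameter, keeps the validated value and the value the browser receives identical.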