My aim is to implement an SSO solution based on OAuth 2.0. The applications in question are written in Node.js and Java. The Java apps use Spring Security. The Node.js apps use passport, whose OAuth 2.0 support may be provided by the passport-oauth module.
So far, I've got a working prototype of an authorization server, inspired by the OAuth 2.0 Spring Security sparklr sample. It can authenticate users and authorize its own resources. Now I need to implement single-sign-on across multiple applications.
It can be done, but I am still a bit sketchy on how it is going to pan out. I've found resources on the subject to be very sparse.
Has anyone out there done this? If so, are you willing to share some general advice on the approach? Or point me towards some reading material I've missed?
Please forgive me for being vague. That's where things are at right now.
Thank you for your help.