Situation:
- A Next.js web application running in an iframe cannot access the auth provider to let the user log in.
- The Next.js web application opens a popup window, loads the same web application's sign-in page and then redirects to the auth provider (Microsoft Azure AD).
- The user successfully authenticates (we use next-auth v4) in the popup window and is redirected back to the web application.
Problem: how to pass session data from the popup to the iframe before we auto-close the popup window?
Our iframe is part of an MS Teams app, so the Teams SDK offers a callback to pass a string value back to the iframe.
Question: is it possible to serialise the session (cookies?) into a string and then restore it in the iframe, given that the session cookie is httpOnly, secure and sameSite=Lax?
I expect to enable user authentication to the web application when it's running inside and outside the MS Teams tab app. I would like to keep next-auth as the server-side auth solution; however, I am OK to rebuild the auth solution...
P.S. Cookies with sameSite=none would work, but this is not acceptable from a security point of view.