Any recommendations for implementing single sign-on across multiple (in my case two) Racket web servers and a Node server for a React-based UI? The user should be able to login on the main server (Racket) and select a React.js app that will run on a Node.js server. The React app will make API calls to a second Racket-based server.
Is "single sign-on" too grandiose a term for this set-up. Is there a simple way to do it?
If I understand you correctly, this would mean that if a user A sends a page link to another user B, user A accidentally gives their credentials to user B. For this reason, putting credentials into an URL is a bad idea. Slightly less bad are credentials in a post request or in a cookie, but it's even better to use a (time-limited) session cookie. If you want, you can store the current session cookie for a user in the database.