Tinyauth x PocketID - How to connect to Pocket ID provider under a different domain

[junkaiman]

In this scenario, my tinyauth is deployed on tinyauth.example1.com and my PocketID is deployed on auth.example2.com. I have configured the OAuth correctly in tinyauth's environment variables. But I am getting the following error seems like the set up is against the CORS policy.

[steveiliop56]

Can you please check the logs of the Tinyauth container? Since the authentication requests don't happen in the browser, CORS does not apply, what you are seeing is probably some other errors not related to Tinyauth.

[junkaiman]

[Update] Now I changed my set up to the following

Pocket ID: auth.A.com
Tinyauth: tinyauth.A.com
App: whoami.B.com

Since all of the three services run on the same server, I added Traefik label to App to route all the requests to Tinyauth middleware. But it looks like I am stuck on this page forever.

https://tinyauth.A.com/continue?redirect_uri=https%3A%2F%2Fwhoami.B.com%2F

I know this might because the cookies are not shared among A.com and B.com. But what is the proper set up for my scenario? Thanks in advance!

[junkaiman]

I think I figured this out. Posting this here in case someone else encountered the same scenario.

In order to make it work for domain B.com, you will need to create another Tinyauth service under that domain. So I kept the following setup:
Pocket ID: auth.A.com
Tinyauth for A.com: tinyauth.A.com
Tinyauth for B.com: tinyauth.B.com
App1: whoami.A.com
App2: whoami.B.com

And also

1. modified the Pocket ID setting to add both https://tinyauth.A.com/api/oauth/callback/pocketid and https://tinyauth.B.com/api/oauth/callback/pocketid as callback URLs
2. add both Tinyauth middleware tinyauth-A, tinyauth-B to Traefik configs
3. route App1 to tinyauth-A middleware and route App2 to tinyauth-B middleware

Correct me if I'm wrong!