I think people usually use OAuth2/OpenID (👉 Ory Hydra) for cross-domain; it's a bit more involved, but that has the redirects with tokens, etc., and you can add them to a cookie or whatever is easier after. And you have APIs to validate them, etc.