I’m developing a feature where someone can add a JavaScript snippet to their website, which connects back to my server which then loads a website editor for their website in an iframe.
I have that part working fine but the main functionality I need help with is when an admin user from our system (example.com) clicks a link to edit their website (userwebsite.com), it should trigger the client’s website to open a web-based editor on their website where the editor is loaded in via an iframe.
The website (userwebsite.com) loading this iframe cannot be modified to receive any extra GET or POST data and the URL connecting back to my server cannot have any extra params to it just a static URL (example.com/authorize).
The only way I can think of to authorise this user is by setting a 3rd-party cookie for my domain (example.com/set_cookie) which then gets loaded in via the iframe but since Google is going to be blocking 3rd-party cookies, I don’t know how else to authorise this user and make sure the editor doesn’t load for other users on their website but only for the user that clicked the link.