I have a platform on mydomain.com
My clients have their own websites i.e client.com, and they embed my page into their website using an iFrame so that customers can navigate through a checkout flow.
My page tries to read the session cookie through the iFrame, which results in third party blocks (because of the domain jump).
I can solve this by having each client create a subdomain subdomain.client.com and point this towards my domain with a CNAME. Now the cookie is considered first party, but it feels like a bit of a workaround and requires network configuration from the client.
If I was to re-architect this from scatch, what options do I have in a world away from iFrames? Can Web Components or Javascript Widgets help me overcome this problem, without requiring network configuration from the client, or are there other modern approaches which don't require cookies for auth etc?
Tried that your client to embed a call to any or some of your js file/s from your server on any/some/all their htmls?? they can put a script src on html, something like this will work:
<script src="https://yourserver.com/folder/yourlibrary.js"></script>
That way your js code on yourlibrary.js will run on your client's html env and can access their cookies with for example document.cookies and process them and can even later contact back your own server via other script src inserted from js, or iframe called from js, or even ajax (but this last option only if you configure CORS security adequately).
Mind that if your client website is on https, they can include/call only js files on https servers.