First-party SSO like Google Accounts
Hey guys!
I’m working on a project to create a unified sign-in system for several apps I own, aiming for a seamless experience like Google Accounts, where users log in once and access all services (e.g., Gmail, YouTube, Drive) without logging in again and you manage your accounts via IdP (Google Accounts). Has anyone here built something similar? Basically a federated SSO/first-party SSO...
Example:
accounts.mydomain.com - IdP (sign-in, sign-up, manage account)
app1.mydomain.com - SP #1
app2.otherdomain.com - SP #2
I’m thinking of using OIDC for applications outside the IdP domain, but I’m stuck on some things, like:
- I don't want to replicate data like users and organizations in SP, so I would have to use the IdP API.
- OIDC will redirect to callback with a code and state. I will exchange them for JWT tokens.
- In the application backend I could verify the JWT with remote JWKS.
- But how to get the organizations from the IdP (organizations plugin)? I thought about sending the access_token, but the only route that accepts the access_token is oidc/userinfo.
Thanks!