CrossDomainSsoUser

User-level cross-domain SSO via auth.codebase.how broker — unifies internal multi-domain SSO + B2B SAML/OIDC + Social OAuth.

Status

Key	Value
Layer	`core`
Tier	`L1`
Status	`wip`
Version	`0.3.0`
Price	Free (free)
Category	Security & Auth

Overview

CrossDomainSsoUser is the end-user cross-domain SSO plugin for multi-saas-kit (ADR-042). Distinct from ExternalSsoModule (outbound to external OSS) and ADR-040 (Platform Admin admin-jump).

Scenario

User signs in at voca.how, navigates to academy.how → auto-authenticated. Standardizes SSO flow across SaaS sharing the same operator.

Architecture

Broker: auth.codebase.how (independent project)
Abstraction: IdentityProviderInterface + SsoTokenServiceInterface (Core)
Data split: user master in client SaaS DB; SSO operational data in broker DB; external_identities mapping in client SaaS DB.

Phased Provider Support

Phase 1: InternalSsoProvider (msk-internal pool)
Phase 2: SAML / OIDC (B2B)
Phase 3: Google / Kakao / Apple OAuth

Security

256-bit nonce + cache lookup (avoid JWT pitfalls)
One-time authorization code (TTL 60s)
return_url allowlist + state CSRF
Back-channel logout (Phase 1.2)
Full audit trail

License

MIT

Demos

ADR-042 User SSO Identity Hub

🛒 View on Plugin Store: store.codebase.how/plugins/cross-domain-sso-user

Status​

Overview​

Overview​

Scenario​

Architecture​

Phased Provider Support​

Security​

License​

Demos​

Status

Overview

Overview

Scenario

Architecture

Phased Provider Support

Security

License

Demos