SSO Integration
Integrate Sign in with Auva into your application to let users authenticate using their existing Auva Account. This eliminates the need for your own auth system and gives users a seamless cross-product experience.
Overview
Auva SSO works through a redirect-based flow:
    Your App → auva.dev/login?redirect=yourapp.com/callback
             → User authenticates on auva.dev
             → Redirect back to your app with session established
             → Your app calls /auth/refresh to get an access token
Implementation
Register your application
Contact the Auva team to register your application's callback URL. You'll need to provide:
- Your application name
- Callback URL(s) (e.g., https://yourapp.com/auth/callback)
- Requested scopes (e.g., profile, email)
Redirect to Auva Login
When a user clicks "Sign in with Auva", redirect them to:
https://auva.dev/login?redirect=https://yourapp.com/auth/callback
Handle the callback
After successful authentication, Auva redirects back to your callback URL. The user's session cookie is now set for *.auva.dev. Call the refresh endpoint to get an access token:
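    // Exchange the Auva session cookie for an access token.
    const response = await fetch('https://auth.auva.dev/auth/refresh', {
      method: 'POST',
      credentials: 'include', // Include cookies
    });
    if (!response.ok) {
      throw new Error(`Token refresh failed: ${response.status}`);
    }
    const { accessToken } = await response.json();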
Fetch user data
Use the access token to get the user's profile:
    const profile = await fetch('https://auth.auva.dev/user/me', {
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
      credentials: 'include',
    });
    if (!profile.ok) {
      throw new Error(`Profile request failed: ${profile.status}`);
    }
    const user = await profile.json();
    console.log(`Authenticated as ${user.name}`);
SSO currently works across all *.auva.dev subdomains automatically. For external domains, the redirect-based flow is required.
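The steps above combined into one callback handler, as an added example that is not Auva's own code. The names buildLoginUrl, completeSignIn and registeredCallbacks are hypothetical, and treating any non-2xx refresh response as "no session" is an assumption; the endpoints and the accessToken field are the ones shown on this page.

```javascript
// Added example, not Auva's code. Endpoints and the accessToken field are from
// the page; treating any non-2xx refresh status as "no session" is an assumption.
const AUTH_BASE = 'https://auth.auva.dev';
const LOGIN_URL = 'https://auva.dev/login';

// Build the login redirect. Only a callback from the list you registered with
// Auva is accepted, so a caller-supplied value cannot point the user elsewhere.
function buildLoginUrl(callback, registeredCallbacks) {
  const url = new URL(callback); // throws on malformed input
  if (url.protocol !== 'https:' || !registeredCallbacks.includes(url.href)) {
    throw new Error(`callback not registered: ${callback}`);
  }
  const login = new URL(LOGIN_URL);
  // Percent-encodes the value (assumes Auva decodes the query string normally).
  login.searchParams.set('redirect', url.href);
  return login.href;
}

// Run on the callback page. fetchImpl is injectable so the flow can be tested
// offline; in a browser, omit it and the global fetch is used.
async function completeSignIn(callback, registeredCallbacks, fetchImpl = fetch) {
  const refresh = await fetchImpl(`${AUTH_BASE}/auth/refresh`, {
    method: 'POST',
    credentials: 'include',
  });
  if (!refresh.ok) {
    // No usable session: hand back the login URL for the caller to redirect to.
    return { authenticated: false, loginUrl: buildLoginUrl(callback, registeredCallbacks) };
  }
  const { accessToken } = await refresh.json();
  if (typeof accessToken !== 'string' || accessToken === '') {
    throw new Error('refresh response did not contain an access token');
  }
  const me = await fetchImpl(`${AUTH_BASE}/user/me`, {
    headers: { Authorization: `Bearer ${accessToken}` },
    credentials: 'include',
  });
  if (!me.ok) throw new Error(`profile request failed: ${me.status}`);
  // Keep the token in memory only; do not persist it to localStorage.
  return { authenticated: true, accessToken, user: await me.json() };
}
```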
CORS Configuration
If your application runs on a different domain, ensure your requests to auth.auva.dev include credentials: 'include'. The Auva Auth API must also have your domain in its CORS allowlist.
Contact the Auva team to add your origin to the allowlist.