SSO Overview

How Single Sign-On works across the Misar ecosystem.

Single Sign-On (SSO)

Misar uses two SSO strategies depending on the domain relationship.

All *.misar.io apps share a session cookie with domain .misar.io.

App            Domain
Corporate      misar.io
Identity Hub   id.misar.io
Misar Mail     mail.misar.io

No extra work needed — once logged in at id.misar.io, the user is authenticated across all *.misar.io apps automatically.

Token-Based SSO (Cross TLD)

Apps on different TLDs (misar.dev, misar.blog) use a JWT token flow via the SSO check endpoint.

Flow

  1. The flow starts at a cross-TLD app, e.g., misar.dev (different TLD from misar.io).
  2. GET https://id.misar.io/api/sso/check is sent with the user's session cookie.
  3. If the session is valid, a one-time token is returned.
  4. The cross-TLD app exchanges the token for its own session.

Security

  • All tokens are short-lived (configurable, default 5 minutes)
  • Tokens are single-use to prevent replay attacks
  • All communication over HTTPS only
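
The following is an added example, not Misar's own code: a sketch of how an identity hub could issue and redeem tokens with the properties listed above (5-minute lifetime, single use). The HS256 signing, the claim names, the audience binding, the function names and the in-memory store are assumptions; the page does not specify the token format beyond it being a JWT.

```python
import base64, hashlib, hmac, json, secrets, time

TOKEN_TTL = 300                  # seconds: the documented default of 5 minutes
_KEY = secrets.token_bytes(32)   # assumption: HS256 key known only to the hub
_redeemed = {}                   # jti -> exp; assumption: in-memory, single process

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    mac = hmac.new(_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue_token(user_id, audience, now=None):
    """Mint a one-time token for one cross-TLD app (hypothetical helper)."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "aud": audience, "iat": now,
              "exp": now + TOKEN_TTL, "jti": secrets.token_urlsafe(16)}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def redeem_token(token, audience, now=None):
    """Return the user id exactly once; raise ValueError on any failed check."""
    now = time.time() if now is None else now
    header, body, sig = token.split(".")   # ValueError unless three parts
    # The MAC is always recomputed as HMAC-SHA256; the header's alg is never trusted.
    if not hmac.compare_digest(sig.encode(), _sign(header + "." + body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise ValueError("token expired")
    if claims["aud"] != audience:
        raise ValueError("token issued for a different app")
    for jti in [j for j, exp in _redeemed.items() if exp <= now]:
        del _redeemed[jti]                 # forget ids that can no longer replay
    if claims["jti"] in _redeemed:
        raise ValueError("token already used")
    _redeemed[claims["jti"]] = claims["exp"]
    return claims["sub"]
```

With more than one hub instance, the used-token check needs a shared store with an atomic set-if-absent operation, otherwise two instances can each accept the same token once.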