Menu

DoneIsBetter SSO

Browse documentation sections.

Getting Started

Introduction
Quick Start
Installation

Integration Guide

Authentication
Session Management
Error Handling

API Reference

Endpoints
Response Format
Error Codes

Examples

React
Vue.js
Vanilla JS

Security

Best Practices
CORS Configuration
Permissions
GitHubSupport

Integration Guide

Third-Party Integration Guide

Choose the right integration surface for your application.

SSO Version

5.29.0

Integration Options

  • OAuth2 / OIDC - recommended for most apps
  • Cookie-Based SSO - only for shared-domain deployments
  • Hosted Social Login - Google and Facebook through the SSO login page
  • Centralized App Permissions - per-app access and role management in SSO

Recommended Default

Start with OAuth 2.0 Authorization Code flow plus OIDC claims. Use the cookie-session endpoints only when your app truly shares the configured cookie domain and does not need its own OAuth token lifecycle.

Key Runtime Facts

  • Public login endpoints set cookies; they do not issue bearer tokens.
  • Canonical app-permission roles are none, user, admin.
  • Canonical app-permission statuses are pending, approved, revoked.
  • Access requests require a valid user-bound token for the same user and same client.