Third-Party Auth Integration
Canonical guide for external developers integrating with Topolo Auth without relying on first-party repo docs.
What It Is
This is the canonical Topolo Auth guide for third-party developers integrating an external application with the Topolo identity service.
Integration Model
Third-party integrations should expect:
- Auth hosted at
https://auth.topolo.app - registered service IDs and allowed origins
- JWT-based session or bearer-token validation
- support for redirect or popup login flows
- OAuth and cross-domain SSO entry patterns where applicable
Core Flows
The supported topics are:
- frontend login entrypoints
- backend token verification and middleware
- token storage and session management
- cross-domain SSO
- permission and authorization handling
- environment configuration
- security and troubleshooting guidance
Canonical Rule
First-party Topolo applications use the first-party Auth standard documented in the docs platform. This guide exists for external integrations and replaces the old repo-local third-party integration file.
Next Steps
- Start with
/guides/authenticationfor the shared Auth model. - Use
/applications/authand the Auth references for the current service and route families. - Coordinate service registration and allowed-origin setup before implementing login flows.
Change Log / Verification
- Added canonical third-party Auth integration guidance and retired the repo-local guide on 2026-03-30