Add Domainless login to your site in ten lines of code. Verify-on-server JWTs. No tracking pixels. No cross-site cookies. Powers our own seven sister sites — you can use the same primitive.
OAuth-style redirect, signed JWT, server-side verify. The flow your backend already knows.
Your “Sign in with Domainless” button sends the user to domainless.fun/authorize?redirect=... with your return URL.
Domainless authenticates the user, then bounces them back to your URL with ?dl_token=... appended. The token is an HS256-signed JWT.
Verify the token against the shared secret, mint your own session, store the user. Same primitive across every Domainless sister site.
Drop into any HTTP framework. Verify, then mint your own session token however you already do it.
```js
import jwt from 'jsonwebtoken';

// On your callback route:
app.get('/auth/domainless/callback', (req, res) => {
  const token = req.query.dl_token;
  try {
    const claims = jwt.verify(token, process.env.DOMAINLESS_JWT_SECRET, {
      algorithms: ['HS256'],
    });
    // claims = { id, email, username, ... }
    // Mint your own session, store user, redirect to app.
    req.session.user = claims;
    res.redirect('/');
  } catch (e) {
    res.status(401).send('invalid token');
  }
});
```
```python
import os
import jwt
from flask import request, session, redirect

@app.route('/auth/domainless/callback')
def dl_callback():
    token = request.args.get('dl_token')
    try:
        claims = jwt.decode(
            token,
            os.environ['DOMAINLESS_JWT_SECRET'],
            algorithms=['HS256'],
        )
    except jwt.InvalidTokenError:
        return 'invalid token', 401
    session['user'] = claims
    return redirect('/')
```
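```sh
# Want to see what's inside a token without using a JWT lib?
# Just base64-decode the payload. (For prod, ALWAYS verify the signature.)
# JWT segments are unpadded base64url: map the alphabet and restore padding first.
payload=$(printf '%s' "<dl_token>" | cut -d. -f2 | tr '_-' '/+')
while [ $(( ${#payload} % 4 )) -ne 0 ]; do payload="${payload}="; done
printf '%s' "$payload" | base64 -d | jq
# {
#   "id": "abc123",
#   "email": "user@example.com",
#   "username": "spongethrob",
#   "iat": 1714665600,
#   "exp": 1717257600
# }
```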
```html
<!-- Drop this anywhere on your site -->
<a href="https://domainless.fun/authorize?redirect=https://yoursite.com/auth/domainless/callback"
   class="btn-domainless">
  Sign in with Domainless
</a>
```
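What the verify step in the callback samples checks, and why decoding the payload alone proves nothing, written out with the Python standard library. This is an added illustration, not Domainless code: the secret, the claim values and the helper names are constructed for the demo, and a production callback should keep using the JWT library as shown above.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def hs256(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    # Demo helper (assumption): builds a token of the shape this page shows.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}." + b64url_encode(hs256(secret, f"{header}.{payload}"))

def verify_dl_token(token, secret, now=None):
    """Return the claims dict, or raise ValueError naming the failed check."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time compare; the payload is parsed only after this passes.
    if not hmac.compare_digest(signature, hs256(secret, f"{header_b64}.{payload_b64}")):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; not a real Domainless secret
    good = sign_hs256({"id": "abc123", "username": "spongethrob", "exp": 1717257600}, secret)
    h, _, s = good.split(".")
    forged = f"{h}.{b64url_encode(json.dumps({'id': 'someone-else', 'exp': 1717257600}).encode())}.{s}"
    print(verify_dl_token(good, secret, now=1714665601))
    try:
        verify_dl_token(forged, secret, now=1714665601)
    except ValueError as err:
        print("rejected:", err)  # the forged payload still base64-decodes fine
```

The forged token's payload decodes cleanly with the shell one-liner, which is why the decoded claims must never be trusted before the signature, algorithm and expiry checks pass.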
We’ve been using this exact primitive in production for months. Same shared secret, same JWT shape, same verify code.
Authentication should not be a profit center. The free tier is the tier most apps will live on. Paid tiers add management and audit surface for teams that need it.
We grant SSO secrets manually during the beta so we can talk through your auth flow first. We’ll email you within a day.