type: architecture
status: active
timestamp: 2026-06-20
tags: [architecture, auth, firebase, cross-site, extensions]

Cross-site auth via auth.oriz.in

auth.oriz.in shared across all *.oriz.in apps subdomain and every Chrome/Firefox/Edge extension. One sign-in, one Firebase user, every surface.

Cross-site auth via auth.oriz.in

Concept

The Firebase project oriz-app exposes its auth handler at the custom domain auth.oriz.in. Every site (*.oriz.in) and every browser extension funnels sign-in through that one domain, so the user signs in once and is signed in everywhere.

How it works

Why this shape

A custom auth domain achieves three things at once:

  1. Recruiters never see a firebaseapp.com URL during sign-in
  2. Auth state survives browser third-party cookie restrictions, since auth.oriz.in is same-site with every *.oriz.in subdomain
  3. Extensions can use the standard chrome.identity flow without each needing its own OAuth client

The single Firebase project also keeps the user model simple — one uid per human across the entire family, so subscription unlocks flow naturally.

Cross-refs


Edit on GitHub · Back to index