feat(auth): enable cross-domain SSO via shared cookies on .mana.how

- Configure Better Auth with crossSubDomainCookies for .mana.how domain - Add COOKIE_DOMAIN environment variable (production: .mana.how) - Sync trustedOrigins with all production subdomains - Users now login once and are authenticated across all apps Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-28 17:37:44 +02:00 · 2026-02-02 03:58:29 +01:00 · 2026-02-02 03:58:29 +01:00 · f03c09ff17
commit f03c09ff17
parent 9a22c89857
3 changed files with 64 additions and 3 deletions
--- a/services/mana-core-auth/.env.example
+++ b/services/mana-core-auth/.env.example
@ -33,6 +33,19 @@ REDIS_PASSWORD=
 # Used for email verification links, OIDC callbacks, etc.
 BASE_URL=http://localhost:3001

+# ============================================================================
+# Cross-Domain SSO [REQUIRED IN PRODUCTION]
+# ============================================================================
+# Cookie domain for Single Sign-On across subdomains.
+# Set to '.mana.how' (with leading dot) to share sessions across:
+# - calendar.mana.how
+# - todo.mana.how
+# - chat.mana.how
+# - etc.
+#
+# Leave empty/unset for local development (cookies will be domain-specific)
+COOKIE_DOMAIN=
+
 # ============================================================================
 # CORS [REQUIRED IN PRODUCTION]
 # ============================================================================