So Far, So Good... SSO WHAT!
Interactive visualizations.
Each demo walks through a complete authentication flow step by step, showing what the user sees alongside the HTTP exchanges happening behind the scenes. Built for engineers, analysts, and Megadeth the band.
OTS authenticates with Google via OAuth 2.0 and OpenID Connect
The simplest common SSO pattern: "Sign in with Google" using the Authorization Code Flow with PKCE. Walk through the redirect to Google, user consent, server-to-server token exchange, and JWT validation.
OTS authenticates directly with Okta via SAML 2.0
Direct SAML integration between application and identity provider. Follow the AuthnRequest, Okta login, signed assertion, and ACS validation in a classic enterprise SSO pattern.
Caddy + Logto bridge OIDC↔SAML to Entra
The gateway handles enterprise SSO; the application just receives authenticated requests. Step through every redirect, cookie, and token exchange in the complete flow.
Planned demos include SCIM provisioning flows, multi-IdP federation patterns, and IdP-initiated SAML login.
The example application is Onetime Secret (OTS) — an open-source tool for sharing sensitive information via self-destructing links. It serves as a realistic stand-in for any web application adding SSO support.