sso
See our launch blog post for more information!

Please take the SSO Community Survey to let us know how we're doing, and to help us plan our roadmap!
sso — lovingly known as the S.S. Octopus or octoboi — is the
authentication and authorization system BuzzFeed developed to provide a secure,
single sign-on experience for access to the many internal web apps used by our
employees.
It depends on Google as its authoritative OAuth2 provider, and authenticates
users against a specific email domain. Further authorization based on Google
Group membership can be required on a per-upstream basis.
The main idea behind sso is a "double OAuth2" flow, where sso-auth is the
OAuth2 provider for sso-proxy and Google is the OAuth2 provider for sso-auth.
sso is built on top of Bitly’s open source oauth2_proxy