Auth Overview

Overview of Zooly authentication system

What is Zooly Auth?

Zooly Auth is a centralized authentication and authorization system built on AWS Cognito. It provides single sign-on (SSO) across all *.zooly.ai applications, serving as the identity provider for the entire platform.

Key Features

Single Sign-On: One login works across all *.zooly.ai apps
Multiple Auth Methods: Email/password, Google and Apple (Google implemented)
Long-Lived Sessions: Users stay signed in for up to 3 months
Guest Checkout: Support for email-only purchases without registration
Role-Based Authorization: Flexible role management via DynamoDB
Mini-App Support: Inline authentication without redirects

Architecture Overview

Zooly Auth uses a centralized authentication app at auth.zooly.ai that handles all authentication flows. Other apps redirect unauthenticated users to this central app, which manages:

AWS Cognito User Pool: Identity provider for user authentication
DynamoDB: Stores user profiles, roles, and guest identities
Session Cookies: Shared across all *.zooly.ai subdomains
JWT Tokens: ID tokens for backend API authorization

How It Works

User visits an app → If not authenticated, redirected to auth.zooly.ai?returnTo=<original-url>
User authenticates → Cognito validates credentials (email/password or social login)
Session created → Both ID token and refresh token stored in cookies with domain .zooly.ai
User redirected back → Returns to original app with valid session
Apps verify session → Backend validates JWT and checks roles from DynamoDB
Automatic refresh → When ID token expires (24 hours), server automatically refreshes using refresh token (transparent to user)
Long-lived sessions → Users stay logged in for up to 90 days without re-authentication

Identity Storage

Identity data is split between two systems:

Cognito: Email (source of truth), authentication credentials
DynamoDB: Profile data (display_name, avatar_url, roles, guest_email)

This separation ensures email changes in Cognito are immediately reflected without stale data in DynamoDB.

Next Steps

Architecture Details - Deep dive into system architecture
Authentication Flows - Login flows and redirects
Setup Guide - AWS and Cognito configuration
Client Integration - Using the auth client package
Backend Integration - JWT verification and authorization

Introduction Architecture

On This Page

What is Zooly Auth?Key Features Architecture Overview How It Works Identity Storage Next Steps