A while back, Heroku moved to hosting different functions on different apps/subdomains (https://postgres.heroku.com and https://addons.heroku.com, for example). Now they are open sourcing their library that handles Single Sign On between them, using OAuth as the backbone.
I’m excited to see where this goes.
While OAuth was originally designed to allow service providers to delegate some access on behalf of a customer to a third party, and we do use it that way too, Heroku also uses OAuth for SSO. We’d like to take this opportunity to provide a technical overview.