Description
Problem
After creating an organization and being redirected to the tenant subdomain (e.g. acme.localhost:3000), users are not automatically logged in. They must sign in again because Stack Auth cookies are scoped to the exact domain (localhost:3000) and not shared with subdomains.
Solution
Stack Auth has built-in support for cross-subdomain cookies via trusted domains in the project dashboard.
Development
In the Stack Auth dashboard → Project → Domains, add:
- localhost:3000
- **.localhost:3000
Production
- yourdomain.com
- **.yourdomain.com
When Stack Auth detects a wildcard domain match (e.g. acme.localhost:3000 matches **.localhost:3000), it sets the auth cookie on the parent domain, making it available across all subdomains automatically.
How it works
Stack Auth's _getTrustedParentDomain() method checks the project's configured domains for wildcard matches. When found, cookies are set with domain: parentDomain so they're shared across subdomains. No code changes needed — this is purely a dashboard configuration.
Acceptance criteria
- Add trusted domains in Stack Auth dashboard (dev + prod)
- Verify user stays logged in after redirect from root domain to tenant subdomain
- Document the required domain configuration in the project README
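
The wildcard match and parent-domain cookie scope described under "How it works", as an added sketch that is not Stack Auth's own code. The function names, the reading of `**.` as "one or more subdomain labels", and the requirement that ports match are assumptions made for the illustration.

```javascript
// Added illustration, not Stack Auth's implementation.
// Assumption: a "**." prefix in a trusted domain entry matches one or more
// subdomain labels of the parent that follows it.

// Split "host:port"; cookies are scoped by host only, never by port.
function splitHostPort(value) {
  const [host, port = ""] = value.toLowerCase().split(":");
  return { host, port };
}

// Return the parent host to use as the cookie Domain attribute when
// currentHost matches a wildcard entry, or null when nothing matches
// (the cookie then stays bound to the exact host).
function trustedParentDomain(currentHost, trustedDomains) {
  const current = splitHostPort(currentHost);
  for (const entry of trustedDomains) {
    if (!entry.startsWith("**.")) continue; // exact entries never widen scope
    const parent = splitHostPort(entry.slice(3));
    if (parent.port !== current.port) continue; // assumption: ports must agree
    // Match on a label boundary so "evilyourdomain.com" is not accepted
    // for "**.yourdomain.com".
    if (current.host.endsWith("." + parent.host)) return parent.host;
  }
  return null;
}

// RFC 6265 domain-match: is a cookie with this Domain attribute sent to requestHost?
function cookieSentTo(requestHost, cookieDomain) {
  const host = splitHostPort(requestHost).host;
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Constructed sample: the development entries from this issue.
const devDomains = ["localhost:3000", "**.localhost:3000"];
const devParent = trustedParentDomain("acme.localhost:3000", devDomains);
console.log(devParent, cookieSentTo("other.localhost:3000", devParent));
```

A cookie set on the parent domain is sent to every host beneath it, not only the tenant that triggered the match, so the wildcard entry should cover only subdomains the project controls.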