Heimdall is the shared auth authority taking shape for GameCult-hosted experiments. It centralizes provider OAuth, linked identities, grants, entitlements, token sealing, and signed claim issuance so every new app does not have to rebuild Discord/Patreon/GitHub/Twitch login glue from scratch and then act shocked when the result grows mold.
Started
26 Apr 2026
Last Public Push
29 Apr 2026
Stack
TypeScript / Fastify / JWT / Postgres
Status
Active auth service
Founding Idea
The founding idea is painfully simple: shared auth should actually be shared. Provider OAuth, linked identities, sessions, grants, and signed claims belong in one authority service, while app-domain data stays local so “shared auth” does not immediately become “shared swamp.”
Trajectory
The public history is a tight implementation burst around real integration seams rather than abstract identity theology. StreamPixels and Repixelizer show up early. Then you get managed provider credentials, Twitch verification, EventSub alignment, token scope normalization, and persisted credential handoff state. In other words, the repo is not philosophizing about auth. It is already tripping over the practical reasons a shared authority needs to exist.
Ambition
The ambition is to become the boring identity layer for GameCult’s hosted apps: one service that handles provider negotiation, token sealing, session issuance, and signed claims, while app backends verify locally and keep their own domain logic. Central authority, distributed dignity.
History Tells On Itself
2026-04-26Initial public repo creation2026-04-29Add StreamPixels managed auth seams2026-04-29Persist StreamPixels credential handoff state2026-04-29Normalize OAuth token scopes2026-04-29Record StreamPixels Twitch verification2026-04-29Refresh managed provider credentials on resolve