# Auth, Licensing, and SSO
Version: 1.1.1
Last Updated: January 23, 2026
Audience: Backend, extension, app, and auth platform engineers
Scope
Canonical documentation for identity, authentication, licensing, entitlement checks, device approval, and (future) SSO for BranchPy. User-facing workflows live in ../User-Guide/.
Components
- rc-backend:
/v1/auth/*,/v1/license/*,/v1/claim/renpy,/v1/auth/device/* - Website (branchpy.com): Account lifecycle, license issuance, renewal, admin panel
- Clients: BranchPyApp (Python), VS Code extension, CLI device approval flow
- Identity Stores:
website_users(canonical),users(CLI legacy bridge, being retired)
Key Responsibilities
- Issue and validate access, refresh, and license tokens
- Map plans → entitlements; enforce feature gates (
has_feature,require_feature) - Device approval and offline allowances (
max_offline_days) - License claim/renewal (Ren’Py free, paid plans)
- Governance events for auth/licensing actions
Out of Scope
- API transport conventions (see
Technical/api/api.md) - Telemetry retention/privacy (Telemetry subset)
- Deployment/infra runbooks (Deployment subset)
- UI/Control Center guides (User-Guide)
Related Docs
- architecture.md
- licensing.md
- sso.md
- configuration.md
- troubleshooting.md
- quick-reference.md
- Technical/api/api.md (endpoint index)
- Technical/errors/README.md (error taxonomy)