niloc it seems perfectly doable for someone ready to invest the time.
We already have two different SSO extensions for Flarum (the general purpose one and my Wordpress one) but I believe both of the existing solutions use a cookie-based solution for instant global login, rather than connecting the forum only on first visit. But overall it will work very similarly.
I wonder how Vanilla handles global logout. That was one of the trickiest part of my Wordpress implementation. It's not very good for user experience if the login is global but logout isn't.
Assuming the "master" side of jsConnect doesn't make any assumption about Vanilla but just exposes an API endpoint with JWT format, the nice thing is that existing implementations of jsConnect could potentially be re-used with Flarum if an extension re-used their existing "protocol".
