Mode2Test AuthAndToken component complete: login/logout working, token persistence, background refresh active, tested and verified
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
# Mode2Test
|
||||
|
||||
Complete OAuth2 authentication system with persistent token management.
|
||||
|
||||
## Structure
|
||||
|
||||
```
|
||||
Mode2Test/
|
||||
AuthAndToken/ # Everything related to auth and tokens
|
||||
package.json
|
||||
backend/
|
||||
server.ts # Hono server
|
||||
token-service.ts # Token storage & refresh
|
||||
auth-routes.ts # Hono API endpoints
|
||||
frontend/
|
||||
index.html # Main app (requires auth)
|
||||
signin.html # Microsoft OAuth2 login
|
||||
auth-manager.ts # Frontend auth helpers
|
||||
README.md # Component documentation
|
||||
```
|
||||
|
||||
## Quick Start
|
||||
|
||||
1. Install dependencies:
|
||||
```bash
|
||||
cd Mode2Test/AuthAndToken
|
||||
bun install
|
||||
```
|
||||
|
||||
2. Set environment variables (in `secrets/.env`):
|
||||
```
|
||||
POCKETBASE_URL=https://pocketbase.ccllc.pro
|
||||
```
|
||||
|
||||
3. Run:
|
||||
```bash
|
||||
bun run backend/server.ts
|
||||
```
|
||||
|
||||
4. Open `http://localhost:3005` → redirects to signin.html if not authenticated
|
||||
|
||||
## How It Works
|
||||
|
||||
### Token Lifecycle
|
||||
|
||||
1. **Login**: User signs in via Microsoft OAuth2 → PB and Graph tokens acquired → stored in `tokens.json` → background refresh starts
|
||||
2. **Refresh**: Every 5 minutes, both tokens auto-refresh silently
|
||||
3. **Access**: Frontend/backend call `/api/auth/tokens` to get current state
|
||||
4. **Logout**: User clicks logout → tokens cleared
|
||||
|
||||
### Startup Behavior
|
||||
|
||||
- If `tokens.json` exists with valid PB token: background refresh resumes immediately
|
||||
- If no valid token: frontend redirects to `signin.html` to require login
|
||||
- Tokens are **never deleted** until fresh ones are confirmed available
|
||||
|
||||
## API Endpoints
|
||||
|
||||
- `GET /api/auth/status` - Check auth status
|
||||
- `GET /api/auth/tokens` - Get current tokens (requires auth)
|
||||
- `POST /api/auth/login` - Store tokens after OAuth login
|
||||
- `POST /api/auth/logout` - Clear all tokens
|
||||
|
||||
## Tokens
|
||||
|
||||
- **PocketBase Token**: Required. Refreshes automatically every 5 minutes.
|
||||
- **Graph Token**: Optional. Refreshes automatically if available.
|
||||
|
||||
Both stay fresh at all times after initial login—no user intervention needed.
|
||||
Reference in New Issue
Block a user