# Mode2Test Complete OAuth2 authentication system with persistent token management. ## Structure ``` Mode2Test/ AuthAndToken/ # Everything related to auth and tokens package.json backend/ server.ts # Hono server token-service.ts # Token storage & refresh auth-routes.ts # Hono API endpoints frontend/ index.html # Main app (requires auth) signin.html # Microsoft OAuth2 login auth-manager.ts # Frontend auth helpers README.md # Component documentation ``` ## Quick Start 1. Install dependencies: ```bash cd Mode2Test/AuthAndToken bun install ``` 2. Set environment variables (in `secrets/.env`): ``` POCKETBASE_URL=https://pocketbase.ccllc.pro ``` 3. Run: ```bash bun run backend/server.ts ``` 4. Open `http://localhost:3005` → redirects to signin.html if not authenticated ## How It Works ### Token Lifecycle 1. **Login**: User signs in via Microsoft OAuth2 → PB and Graph tokens acquired → stored in `tokens.json` → background refresh starts 2. **Refresh**: Every 5 minutes, both tokens auto-refresh silently 3. **Access**: Frontend/backend call `/api/auth/tokens` to get current state 4. **Logout**: User clicks logout → tokens cleared ### Startup Behavior - If `tokens.json` exists with valid PB token: background refresh resumes immediately - If no valid token: frontend redirects to `signin.html` to require login - Tokens are **never deleted** until fresh ones are confirmed available ## API Endpoints - `GET /api/auth/status` - Check auth status - `GET /api/auth/tokens` - Get current tokens (requires auth) - `POST /api/auth/login` - Store tokens after OAuth login - `POST /api/auth/logout` - Clear all tokens ## Tokens - **PocketBase Token**: Required. Refreshes automatically every 5 minutes. - **Graph Token**: Optional. Refreshes automatically if available. Both stay fresh at all times after initial login—no user intervention needed.