Files
Job-Info/Mode2Test/AuthAndToken

Mode2Test

Complete OAuth2 authentication system with persistent token management.

Structure

Mode2Test/
  AuthAndToken/              # Everything related to auth and tokens
    package.json
    backend/
      server.ts              # Hono server
      token-service.ts       # Token storage & refresh
      auth-routes.ts         # Hono API endpoints
    frontend/
      index.html             # Main app (requires auth)
      signin.html            # Microsoft OAuth2 login
      auth-manager.ts        # Frontend auth helpers
    README.md                # Component documentation

Quick Start

  1. Install dependencies:
cd Mode2Test/AuthAndToken
bun install
  1. Set environment variables (in secrets/.env):
POCKETBASE_URL=https://pocketbase.ccllc.pro
  1. Run:
bun run backend/server.ts
  1. Open http://localhost:3005 → redirects to signin.html if not authenticated

How It Works

Token Lifecycle

  1. Login: User signs in via Microsoft OAuth2 → PB and Graph tokens acquired → stored in tokens.json → background refresh starts
  2. Refresh: Every 5 minutes, both tokens auto-refresh silently
  3. Access: Frontend/backend call /api/auth/tokens to get current state
  4. Logout: User clicks logout → tokens cleared

Startup Behavior

  • If tokens.json exists with valid PB token: background refresh resumes immediately
  • If no valid token: frontend redirects to signin.html to require login
  • Tokens are never deleted until fresh ones are confirmed available

API Endpoints

  • GET /api/auth/status - Check auth status
  • GET /api/auth/tokens - Get current tokens (requires auth)
  • POST /api/auth/login - Store tokens after OAuth login
  • POST /api/auth/logout - Clear all tokens

Tokens

  • PocketBase Token: Required. Refreshes automatically every 5 minutes.
  • Graph Token: Optional. Refreshes automatically if available.

Both stay fresh at all times after initial login—no user intervention needed.