Files
Job-Info/NewApproach/auth/README.md
T
aewing c33ee3dfe7 Scaffold NewApproach: Full-stack Bun+Hono+TypeScript+TailwindCSS project
- Create modular project structure with src/backend, src/frontend, public
- Hono server with routing, static file serving, and API endpoints
- TailwindCSS styling pipeline with Tailwind CLI
- Vanilla JS frontend (extensible for frameworks)
- Complete TypeScript configuration and type checking
- Auth module as self-contained submodule
- Ready for development: bun run dev (port 3000)
- All dependencies installed and tested

Also:
- Lock main branch with read-only settings in VS Code
- Create .github/copilot-instructions.md with Monica persona
- Initialize session logging system

Status: Project ready for feature development
2026-01-09 13:33:22 +00:00

2.4 KiB

Auth Module

Universal, pattern-based authentication token management for multi-auth scenarios.

Overview

The Auth module provides a standardized interface for managing authentication tokens across different providers (PocketBase, Microsoft Graph) and auth flows (delegated, app-only).

Key Features

  • Pattern-based configuration: Enable only the auth flows you need (pb, graph, pb+graph)
  • Unified token storage: All tokens stored in localStorage under consistent keys
  • Type-safe: Full TypeScript support with explicit token types
  • Modular: Works standalone; extend or integrate with larger auth systems
  • No dependencies: Uses browser APIs only (localStorage, optional PocketBase SDK)

Quick Start

Basic Usage

import Auth from './auth.ts';

// Initialize with pattern and optional config
await Auth.configure('pb+graph', {
  pbUrl: 'http://localhost:8090',
  graphApiUrl: 'https://graph.microsoft.com/v1.0'
});

// Get a token
const pbUserToken = Auth.getToken('pb-user');
const graphToken = Auth.getToken('graph-user');

// Set a token
Auth.setToken('graph-user', 'access_token_here');

// Clear specific token
Auth.clearToken('pb-user');

// Clear all tokens
Auth.clearAllTokens();

Token Types

  • pb-user: PocketBase user authentication token
  • pb-agent: PocketBase service account token
  • graph-user: Microsoft Graph delegated token (on behalf of user)
  • graph-agent: Microsoft Graph app-only token (service principal)

Configuration

interface AuthConfig {
  pbUrl?: string;           // PocketBase URL (default: http://127.0.0.1:8090)
  graphApiUrl?: string;     // Graph API URL (not required for token storage)
}

Security Considerations

  • Tokens are stored in plaintext in localStorage
  • Never store highly sensitive credentials in browser localStorage
  • For production: consider using secure HTTP-only cookies via backend
  • Implement token refresh logic before expiration
  • Clear tokens on logout

File Structure

auth/
├── auth.ts          # Main module (TypeScript)
├── auth-test.html   # Test/demo HTML
└── README.md        # This file

Testing

Open auth-test.html in a browser to test the module functionality.

Future Enhancements

  • Token refresh logic
  • Expiration tracking
  • Secure storage option (HTTP-only cookies via backend)
  • Multiple identity provider support
  • Event emitters for token changes