c33ee3dfe7
- Create modular project structure with src/backend, src/frontend, public - Hono server with routing, static file serving, and API endpoints - TailwindCSS styling pipeline with Tailwind CLI - Vanilla JS frontend (extensible for frameworks) - Complete TypeScript configuration and type checking - Auth module as self-contained submodule - Ready for development: bun run dev (port 3000) - All dependencies installed and tested Also: - Lock main branch with read-only settings in VS Code - Create .github/copilot-instructions.md with Monica persona - Initialize session logging system Status: Project ready for feature development
88 lines
2.4 KiB
Markdown
88 lines
2.4 KiB
Markdown
# Auth Module
|
|
|
|
Universal, pattern-based authentication token management for multi-auth scenarios.
|
|
|
|
## Overview
|
|
|
|
The Auth module provides a standardized interface for managing authentication tokens across different providers (PocketBase, Microsoft Graph) and auth flows (delegated, app-only).
|
|
|
|
## Key Features
|
|
|
|
- **Pattern-based configuration**: Enable only the auth flows you need (`pb`, `graph`, `pb+graph`)
|
|
- **Unified token storage**: All tokens stored in localStorage under consistent keys
|
|
- **Type-safe**: Full TypeScript support with explicit token types
|
|
- **Modular**: Works standalone; extend or integrate with larger auth systems
|
|
- **No dependencies**: Uses browser APIs only (localStorage, optional PocketBase SDK)
|
|
|
|
## Quick Start
|
|
|
|
### Basic Usage
|
|
|
|
```typescript
|
|
import Auth from './auth.ts';
|
|
|
|
// Initialize with pattern and optional config
|
|
await Auth.configure('pb+graph', {
|
|
pbUrl: 'http://localhost:8090',
|
|
graphApiUrl: 'https://graph.microsoft.com/v1.0'
|
|
});
|
|
|
|
// Get a token
|
|
const pbUserToken = Auth.getToken('pb-user');
|
|
const graphToken = Auth.getToken('graph-user');
|
|
|
|
// Set a token
|
|
Auth.setToken('graph-user', 'access_token_here');
|
|
|
|
// Clear specific token
|
|
Auth.clearToken('pb-user');
|
|
|
|
// Clear all tokens
|
|
Auth.clearAllTokens();
|
|
```
|
|
|
|
## Token Types
|
|
|
|
- `pb-user`: PocketBase user authentication token
|
|
- `pb-agent`: PocketBase service account token
|
|
- `graph-user`: Microsoft Graph delegated token (on behalf of user)
|
|
- `graph-agent`: Microsoft Graph app-only token (service principal)
|
|
|
|
## Configuration
|
|
|
|
```typescript
|
|
interface AuthConfig {
|
|
pbUrl?: string; // PocketBase URL (default: http://127.0.0.1:8090)
|
|
graphApiUrl?: string; // Graph API URL (not required for token storage)
|
|
}
|
|
```
|
|
|
|
## Security Considerations
|
|
|
|
- Tokens are stored in plaintext in `localStorage`
|
|
- Never store highly sensitive credentials in browser localStorage
|
|
- For production: consider using secure HTTP-only cookies via backend
|
|
- Implement token refresh logic before expiration
|
|
- Clear tokens on logout
|
|
|
|
## File Structure
|
|
|
|
```
|
|
auth/
|
|
├── auth.ts # Main module (TypeScript)
|
|
├── auth-test.html # Test/demo HTML
|
|
└── README.md # This file
|
|
```
|
|
|
|
## Testing
|
|
|
|
Open `auth-test.html` in a browser to test the module functionality.
|
|
|
|
## Future Enhancements
|
|
|
|
- Token refresh logic
|
|
- Expiration tracking
|
|
- Secure storage option (HTTP-only cookies via backend)
|
|
- Multiple identity provider support
|
|
- Event emitters for token changes
|