# auth
OAuth-based identity. **Do not roll your own crypto or session logic** — back this with Auth.js or Ory Kratos+Hydra.
## Responsibilities
- Google OAuth (Phase 0), Apple OAuth (Phase 0.5), extensible to others.
- Issue short-lived access JWTs plus rotating refresh tokens: each refresh token is single-use, and presenting an already-rotated token is treated as theft and revokes that login's whole token family. Web clients receive tokens in `HttpOnly`, `Secure`, `SameSite` cookies, never in script-readable storage.
- Expose `GET /me` (who am I), `POST /logout` (revokes the refresh token and clears the cookie), and OIDC-style `/.well-known` discovery endpoints.
## Non-goals
- Password auth. Ever.
- User-profile data — that lives in `profile/`.