oO/services/auth/README.md

auth

OAuth-based identity. Do not roll your own crypto or session logic — back this with Auth.js or Ory Kratos+Hydra.

Responsibilities

  • Google OAuth (Phase 0), Apple OAuth (Phase 0.5), extensible to others.
  • Issue short-lived JWTs + rotating refresh tokens; HttpOnly cookies for web.
  • Expose GET /me (who am I), POST /logout, OIDC-style /.well-known endpoints.

Non-goals

  • Password auth. Ever.
  • User-profile data — that lives in profile/.