6 Commits

Author	SHA1	Message	Date
giles	6275049025	Propagate login to all client apps via OAuth chain ... After magic link login, account bounces through each client app's /auth/login to establish local sessions via OAuth. Each app does its OAuth flow (instant since account is logged in) then redirects back to /auth/propagate for the next app in the chain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:40:08 +00:00
giles	e0a2a47ba2	Grant-based session revocation, remove iframe logout ... Account creates OAuthGrant per authorization, revokes on logout. Client apps verify grants via /auth/internal/verify-grant endpoint. Removes iframe-based logout page. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:30:53 +00:00
giles	4e8e6bab61	Iframe-based SSO logout (tolerates dead apps) ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:21:54 +00:00
giles	80c4400ae2	Remove sso_hint, add sso-clear logout chain through all apps ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:18:04 +00:00
giles	2178607484	Move auth server from federation to account ... Account is now the OAuth authorization server with magic link login, OAuth2 authorize endpoint, SSO logout, and session management. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 12:00:20 +00:00
giles	b3ce28b1d3	Initial account microservice ... Account dashboard, newsletters, widget pages (tickets, bookings). OAuth SSO client via shared blueprint — per-app first-party cookies. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-23 09:59:24 +00:00