coop/account
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19 Commits 1 Branch 0 Tags
b847e109491ad003799ca7bf21f558d7afa4ff6f
Commit Graph

8 Commits

Author SHA1 Message Date
giles
b847e10949 Device cookie auth + check-device endpoint, remove propagation chain
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 43s
Details 
OAuth authorize stores device_id on grants. New /internal/check-device
endpoint lets client apps detect login/logout by checking device's
grant state + user.last_login_at. Propagation chain removed — each
app detects auth changes independently via its device cookie.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:57:44 +00:00
giles
1cd11b9a2d Skip dead apps in login propagation chain
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 46s
Details 
Health-check each app via internal URL before redirecting.
Dead apps are silently skipped so the chain doesn't break.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:41:15 +00:00
giles
6275049025 Propagate login to all client apps via OAuth chain
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 53s
Details 
After magic link login, account bounces through each client app's
/auth/login to establish local sessions via OAuth. Each app does its
OAuth flow (instant since account is logged in) then redirects back
to /auth/propagate for the next app in the chain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:40:08 +00:00
giles
e0a2a47ba2 Grant-based session revocation, remove iframe logout
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 43s
Details 
Account creates OAuthGrant per authorization, revokes on logout.
Client apps verify grants via /auth/internal/verify-grant endpoint.
Removes iframe-based logout page.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:30:53 +00:00
giles
4e8e6bab61 Iframe-based SSO logout (tolerates dead apps)
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 48s
Details 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:21:54 +00:00
giles
80c4400ae2 Remove sso_hint, add sso-clear logout chain through all apps
Some checks failed
Build and Deploy / build-and-deploy (push) Has been cancelled
Details 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:18:04 +00:00
giles
2178607484 Move auth server from federation to account
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 42s
Details 
Account is now the OAuth authorization server with magic link login,
OAuth2 authorize endpoint, SSO logout, and session management.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 12:00:20 +00:00
giles
b3ce28b1d3 Initial account microservice 
Account dashboard, newsletters, widget pages (tickets, bookings).
OAuth SSO client via shared blueprint — per-app first-party cookies.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 09:59:24 +00:00