[DRAFT] Implement Web Authentication UI#6
Draft
al-imam wants to merge 7 commits into
Draft
Conversation
…configuration - Introduced DesktopAuthPage and AuthLoginPage components for handling desktop authentication and user login. - Updated .env.example to include the OiPer server URL. - Modified package.json to use dotenv-cli for local development and added dotenv-cli as a dependency. - Enhanced HeroSection to manage authentication state and display user information. - Implemented auth-related API functions in auth-api.ts for session management and logout functionality.
…-up, and password reset - Added SignInForm, SignUpForm, and ForgotPasswordForm components for user authentication. - Created PublicAuthModal to manage authentication modals without server-side rendering. - Introduced AuthPageShell for consistent layout across authentication pages. - Updated layout to include PublicAuthModalClientNoSSR for client-side rendering. - Enhanced auth-related API functions for improved error handling and session management.
…ocesses - Introduced VerifySignInPage and VerifySignUpPage components for email verification. - Implemented EmailVerificationForm component to handle verification code input and submission. - Updated PublicAuthModal to include email verification forms for both sign-in and sign-up flows. - Removed email verification logic from SignInForm and SignUpForm, redirecting users to the new verification pages.
…proved session management - Added AuthProvider component to manage user authentication state and session. - Refactored SignInForm, SignUpForm, EmailVerificationForm, and ForgotPasswordForm to utilize the new AuthContext for authentication operations. - Updated layout to include AuthProvider for consistent authentication context across the application. - Enhanced error handling and session management in authentication forms.
…ndling - Introduced auth-form-utils for managing callback paths and building verification URLs. - Refactored SignInForm and SignUpForm to utilize new utility functions for cleaner code. - Improved error handling in ForgotPasswordForm and EmailVerificationForm by integrating wrap function for API calls. - Updated AuthProvider to handle session errors more effectively.
…vider - Eliminated the refreshSession function from the AuthContextValue interface and the AuthProvider component to streamline authentication logic. - Updated related code to ensure consistency and maintain functionality without the removed method.
…tion improvements - Added Spinner component to SignInForm, SignUpForm, EmailVerificationForm, and ForgotPasswordForm for better user feedback during submission. - Updated validation messages for confirmPassword fields in SignUpForm and ForgotPasswordForm to ensure clarity. - Adjusted text sizes in AuthCard for improved readability.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Files Changed
Authentication Flow Architecture
flowchart LR subgraph C["Clients"] W["Web App<br/>(Next.js)"] D["Desktop App<br/>(Tauri)"] end subgraph S["Oiper Server (Hono)"] WS["Web Auth<br/>/v1/auth/web/*"] DS["Desktop Auth<br/>/v1/auth/desktop/*"] API["Protected API<br/>/v1/*"] WH["Webhooks<br/>/v1/webhooks/workos"] DB[("PostgreSQL + Prisma")] end WO["WorkOS<br/>AuthKit"] W -->|"1) Start login (Email/Password or Google)"| WS WS -->|"2) Build Auth URL + PKCE + state"| WO WO -->|"3) Callback with auth code"| WS WS -->|"4) Set sealed session cookie"| W W -->|"5) Session/refresh/logout (cookie + CSRF)"| WS WS -->|"6) Return web access JWT"| W W -->|"7) Bearer JWT API calls"| API D -->|"A) POST /desktop/start (device + PKCE challenge)"| DS DS -->|"B) Return verification_url"| D D -->|"C) Open external browser"| W W -->|"D) POST /desktop/confirm (while signed in)"| DS DS -->|"E) Generate one-time handoff code"| W W -->|"F) Deep link: oiper://auth/callback?request_id&handoff_code&state"| D D -->|"G) POST /desktop/exchange (handoff_code + code_verifier)"| DS DS -->|"H) Issue desktop access + rotating refresh token"| D D -->|"I) Save refresh token in OS secure storage"| D D -->|"J) Bearer desktop access token API calls"| API WS -->|"User/audit writes"| DB DS -->|"Desktop request/session writes"| DB API -->|"Application data reads/writes"| DB WO -->|"session.revoked webhook"| WH WH -->|"Revoke active desktop sessions"| DB classDef client fill:#E0F2FE,stroke:#0284C7,stroke-width:2,color:#0C4A6E; classDef server fill:#FEF3C7,stroke:#D97706,stroke-width:2,color:#7C2D12; classDef idp fill:#EDE9FE,stroke:#7C3AED,stroke-width:2,color:#4C1D95; classDef data fill:#DCFCE7,stroke:#16A34A,stroke-width:2,color:#14532D; class W,D client; class WS,DS,API,WH server; class WO idp; class DB data;Test plan
Related PRs