docs(auth): document token authentication flow

Orvanix
2026-03-12 11:59:49 +00:00
parent e98ac8a4e5
commit 6af15b9622
2 changed files with 8 additions and 0 deletions
+1
@@ -5,6 +5,7 @@
## Authentication & Users
- **Plex OAuth, JWT sessions, RBAC** → [backend/services/auth.md](backend/services/auth.md)
- **Local admin authentication, password change** → [backend/services/auth.md](backend/services/auth.md)
- **Admin-generated login token per user (URL-login)** → [backend/services/auth.md](backend/services/auth.md)
- **Route protection, auth guards** → [frontend/routing-auth.md](frontend/routing-auth.md)
- **Login page UI/UX** → [frontend/pages/login.md](frontend/pages/login.md)
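Review bot: The new "Admin-generated login token per user (URL-login)" entry links to the top of backend/services/auth.md, exactly like the two entries above it, so a reader has to search the file for the relevant section. Suggest pointing the link at the anchor of the "## Admin-Generated Login Token" heading that this commit adds to that file.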
+7
@@ -249,6 +249,13 @@ oidc.admin_claim_value = 'readmeabook-admin'
- **Admin Settings:** OIDC section in `/admin/settings` (auth tab)
- **Library:** `openid-client` (OIDC discovery, token exchange, PKCE)
## Admin-Generated Login Token
- Login token stored as SHA-256 hash in `User.loginTokenHash`
- Admin generates/revokes via user permissions modal
- User login with token `/auth/token/login?token=rmab_...`
- Invalid token redirects to `/login`
## Security
- Never log tokens
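Review bot: The "User login with token" bullet documents the token as a query-string parameter (`/auth/token/login?token=rmab_...`), which conflicts with "Never log tokens" in the Security section right below it, because request URLs are routinely recorded in web-server and reverse-proxy access logs, browser history and Referer headers. Suggest documenting how that is handled, for example whether the `token` parameter is redacted from request logs and whether the URL is replaced by a redirect after a successful login as it is for an invalid token. The section should also state whether the token expires or is single-use, how long and random it is (a plain SHA-256 hash in `User.loginTokenHash` is adequate only for a high-entropy random token), and whether failed attempts on the endpoint are rate-limited. Minor wording: "User login with token" reads better as "User logs in via".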