fix(auth): send login token in POST body

Orvanix
2026-03-12 17:15:07 +00:00
parent b20673e7ea
commit 81712ad3ce
4 changed files with 20 additions and 15 deletions
+2 -1
@@ -253,7 +253,8 @@ oidc.admin_claim_value = 'readmeabook-admin'
- Login token stored as SHA-256 hash in `User.loginTokenHash`
- Admin generates/revokes via user permissions modal
- User login with token `/auth/token/login?token=rmab_...`
- User navigates to `/auth/token/login?token=rmab_...` → page POSTs token to API in request body
- API: `POST /api/auth/token/login` with `{ token }` in JSON body
- Invalid token redirects to `/login`
## Security
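Review bot: the added line "User navigates to `/auth/token/login?token=rmab_...`" still has the user arrive with the login token in the query string, so the token can still be recorded in browser history, in the access log entry for the page request, and in a Referer header before the page POSTs it in the body. Suggest documenting here, or under `## Security`, that the page removes the query string once it has read the token (for example with `history.replaceState`) and is served with a restrictive `Referrer-Policy`, or else state the residual exposure explicitly. It would also help to say whether `POST /api/auth/token/login` rejects a token supplied in the URL, so readers know the JSON body is the only accepted channel.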