Auth (Frontend)
Not yet implemented
Frontend authentication is not yet implemented. This page describes the planned approach.
The frontend will handle the OAuth consent flow (redirecting to Google, receiving tokens) and manage token storage and refresh. This will be implemented as a shared library: util-oauth-client.
For the cross-cutting auth concepts (claim contract, OAuth flow, token lifecycle, user flow diagrams), see the Auth and Multi-Tenancy overview.
Planned: util-oauth-client
The util-oauth-client library will be responsible for:
- Initiating the OAuth consent flow with Google (and later Microsoft, Facebook)
- Receiving and validating the OAuth token from the provider
- Exchanging the OAuth token for a PetFolio JWT via the backend auth endpoints
- Storing and refreshing JWT access tokens
- Attaching the JWT to outgoing API requests
Claim contract
The frontend must ensure that the JWT it sends contains the three claims the backend expects. See the claim contract for details.
Related resources
- Auth and Multi-Tenancy Overview - cross-cutting concepts, claim contract, and planned features
- PetFolio Service (BE) auth - backend implementation
- ADR-001: Authentication and Multi-Tenancy - design decisions, alternatives, and security