thalos-bff/docs/api/identity-edge-api.md
2026-03-11 10:13:21 -06:00

# Identity Edge API

## Active External Protocol

- REST is the active external protocol for this BFF deployment.
- Internal service calls default to gRPC-adapted contracts.

## Entrypoints

- Canonical session endpoints:
  - `POST /api/identity/session/login`
  - `POST /api/identity/session/refresh`
  - `POST /api/identity/session/logout`
  - `GET /api/identity/session/me`
- Canonical OIDC endpoints:
  - `GET /api/identity/oidc/google/start`
  - `GET /api/identity/oidc/google/callback`
- Compatibility endpoints:
  - `POST /api/identity/token`
  - `POST /api/identity/login`
  - `POST /api/identity/token/refresh`
  - `POST /api/identity/logout`

## Boundary Notes

- Endpoint handlers perform edge validation and permission checks.
- Session login and refresh call canonical thalos-service session gRPC operations.
- OIDC start/callback handlers generate and validate PKCE/state/nonce payloads.
- Session cookies are managed at the BFF edge (`thalos_session`, `thalos_refresh`) with env-driven secure/domain policy.
- Token issuance and policy evaluation contracts remain available for compatibility calls.
- Business orchestration remains in thalos-service.
- Identity abstractions remain owned by Thalos repositories.
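The two edge responsibilities above (PKCE/state/nonce handling in the OIDC start/callback pair, and env-driven cookie policy) are sketched below as an added, self-contained example. It is not thalos-bff code: the environment variable names (`THALOS_COOKIE_SECURE`, `THALOS_COOKIE_DOMAIN`), the transient `thalos_oidc_state` cookie, the in-memory `pending` store, and the client id / redirect URI values are all assumptions made for illustration.

```python
"""Added illustration of OIDC edge checks; not thalos-bff code."""
import base64
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlparse


def b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding PKCE and our state/nonce values use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> Tuple[str, str]:
    """RFC 7636 S256: 32 random bytes -> 43-char verifier; challenge = BASE64URL(SHA256(verifier))."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def pkce_challenge_matches(verifier: str, challenge: str) -> bool:
    """Constant-time check that a verifier reproduces the challenge sent at /start."""
    expected = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return hmac.compare_digest(expected, challenge)


@dataclass(frozen=True)
class CookiePolicy:
    """Secure/Domain attributes driven by environment (variable names are assumed)."""
    secure: bool
    domain: Optional[str]
    same_site: str = "Lax"

    @classmethod
    def from_env(cls, env: Dict[str, str]) -> "CookiePolicy":
        return cls(
            secure=env.get("THALOS_COOKIE_SECURE", "true").lower() == "true",
            domain=env.get("THALOS_COOKIE_DOMAIN") or None,
        )

    def set_cookie_header(self, name: str, value: str, max_age: int) -> str:
        parts = [f"{name}={value}", "Path=/", "HttpOnly", f"SameSite={self.same_site}", f"Max-Age={max_age}"]
        if self.secure:
            parts.append("Secure")
        if self.domain:
            parts.append(f"Domain={self.domain}")
        return "; ".join(parts)


def oidc_start(pending: Dict[str, dict], policy: CookiePolicy, authorize_url: str,
               client_id: str, redirect_uri: str) -> Tuple[str, str]:
    """Build the authorize redirect; keep verifier+nonce server-side keyed by state, state in a cookie."""
    state, nonce = b64url(secrets.token_bytes(32)), b64url(secrets.token_bytes(32))
    verifier, challenge = make_pkce_pair()
    pending[state] = {"verifier": verifier, "nonce": nonce}
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": "openid email profile", "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{authorize_url}?{urlencode(params)}", policy.set_cookie_header("thalos_oidc_state", state, 300)


def oidc_callback(pending: Dict[str, dict], cookie_state: Optional[str], query_state: Optional[str],
                  id_token_claims: dict) -> str:
    """Validate state (cookie == query, known, single-use) and nonce; return verifier for the code exchange."""
    if not cookie_state or not hmac.compare_digest(cookie_state, query_state or ""):
        raise PermissionError("state mismatch")
    entry = pending.pop(query_state, None)  # pop first so a failed attempt still burns the state
    if entry is None:
        raise PermissionError("unknown or replayed state")
    if not hmac.compare_digest(entry["nonce"], str(id_token_claims.get("nonce", ""))):
        raise PermissionError("nonce mismatch")
    return entry["verifier"]


def demo_round_trip() -> dict:
    """Start -> callback over constructed inputs; returns facts the caller can check."""
    env = {"THALOS_COOKIE_SECURE": "true", "THALOS_COOKIE_DOMAIN": "example.test"}  # constructed
    policy, pending = CookiePolicy.from_env(env), {}
    location, set_cookie = oidc_start(
        pending, policy, "https://accounts.google.com/o/oauth2/v2/auth",
        "client-id-placeholder", "https://bff.example.test/api/identity/oidc/google/callback")
    query = dict(parse_qsl(urlparse(location).query))
    state = query["state"]
    cookie_state = set_cookie.split(";", 1)[0].split("=", 1)[1]
    nonce = pending[state]["nonce"]
    # Constructed id_token claims as the provider would return them after the code exchange.
    verifier = oidc_callback(pending, cookie_state, state, {"nonce": nonce, "sub": "user-123"})
    out = {"location": location, "set_cookie": set_cookie,
           "challenge_ok": pkce_challenge_matches(verifier, query["code_challenge"]),
           "replay_rejected": False, "state_mismatch_rejected": False}
    try:
        oidc_callback(pending, cookie_state, state, {"nonce": nonce})  # same state twice
    except PermissionError:
        out["replay_rejected"] = True
    try:
        oidc_callback(pending, cookie_state, "forged-state", {"nonce": nonce})
    except PermissionError:
        out["state_mismatch_rejected"] = True
    return out
```

The state is checked both against the cookie the browser presents and against the server-side store, so a callback that arrives without the matching cookie, or with a state already consumed, is rejected before the code exchange; the nonce check ties the returned ID token to this particular start request.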