AgileWebs/thalos-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
development
thalos-web/docs/architecture/frontend-boundary.md
José René White Enciso 39f5af23e4 feat(thalos-web): harden production auth experience
2026-03-31 16:06:15 -06:00

1.2 KiB
Raw Permalink Blame History

Frontend Boundary

  • This repository hosts the central identity web surface for Thalos.
  • Frontend data access flows through src/api/* adapter modules.
  • The UI does not access DAL or internal services directly.
  • Route shell uses Ant Design layout/menu and keeps session workspace behind session checks.
  • Callback handling validates OIDC query states and normalizes return paths to same-origin routes.

Runtime Base URLs

  • API_BASE_URL for business BFF calls.
  • THALOS_AUTH_BASE_URL for session and OIDC endpoints.
  • THALOS_DEFAULT_RETURN_URL for callback fallback.
  • THALOS_DEFAULT_TENANT_ID for OIDC tenant defaults.
  • THALOS_ENABLE_MANUAL_LOGIN for explicitly enabling the dev/test fallback form.

Protected Workflow Endpoints

  • GET /api/identity/oidc/google/start
  • GET /api/identity/oidc/google/callback
  • POST /api/identity/session/login
  • POST /api/identity/session/refresh
  • POST /api/identity/session/logout
  • GET /api/identity/session/me

UI Workflow Coverage

  • Central login launch (Google OIDC start)
  • Callback processing and error rendering
  • Session workspace verification and snapshot reload
  • Manual dev/test session login fallback gated by environment/runtime config