AgileWebs/thalos-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
feature/thalos-web-central-login-shell
thalos-web/docs/architecture/frontend-boundary.md
José René White Enciso 1a5b3dec66 feat(thalos-web): add central OIDC login shell
2026-03-11 10:25:38 -06:00

1.1 KiB
Raw Permalink Blame History

Frontend Boundary

  • This repository hosts a React edge application for a single BFF.
  • Frontend data access flows through src/api/* adapter modules.
  • The UI does not access DAL or internal services directly.
  • Route shell and protected sections are session-aware via Thalos session endpoints.
  • The app is the central login shell for auth.dream-views.com and only redirects to allowlisted return hosts.

Runtime Base URLs

  • API_BASE_URL for business BFF calls.
  • THALOS_AUTH_BASE_URL for session login/refresh/logout/me.
  • THALOS_DEFAULT_RETURN_URL as the fallback post-login destination.
  • THALOS_ALLOWED_RETURN_HOSTS as the return-url allowlist.
  • THALOS_DEFAULT_TENANT_ID as login context default.

Protected Workflow Endpoints

  • POST /api/identity/session/login
  • POST /api/identity/session/refresh
  • POST /api/identity/session/logout
  • GET /api/identity/session/me

UI Workflow Coverage

  • Google OIDC start-link generation with returnUrl and tenantId
  • Session me/profile inspection
  • Session refresh
  • Session logout
  • Safe fallback when request return host is not allowlisted