# Auth Service Integration

The blog editor is integrated with the existing auth service located at `G:\LivingAi\GITTEA_RPO\auth`.

## How It Works

### Backend Integration
The blog editor backend validates JWT tokens by calling the auth service's `/auth/validate-token` endpoint:

1. Client sends request with `Authorization: Bearer <token>` header
2. Blog editor backend middleware (`middleware/auth.js`) extracts the token
3. Middleware calls `POST /auth/validate-token` on the auth service
4. Auth service validates the token and returns user info
5. Blog editor backend sets `req.user` and continues processing
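
The five steps above, as an added example written for this page (it is not the project's own `middleware/auth.js`). It assumes, since the page does not say, that `POST /auth/validate-token` accepts a JSON body `{"token": "..."}` and answers 200 with the user object, and a non-2xx status for an invalid or expired token; the HTTP client is injected so the logic can be exercised offline against a constructed fake of the auth service. Note that an unreachable auth service fails closed (503) rather than letting the request through, and every rejection returns the same generic 401 so the response does not reveal why validation failed.

```javascript
// Added example (not the project's middleware/auth.js): Express-style middleware
// that validates a bearer token via the auth service's POST /auth/validate-token
// endpoint and sets req.user on success.
// Assumptions (not stated on the page): the endpoint takes {"token": "..."} and
// returns 200 + a JSON user object, or a non-2xx status for a bad token.

const AUTH_SERVICE_URL = process.env.AUTH_SERVICE_URL || 'http://localhost:3000';

// Pull the token out of "Authorization: Bearer <token>". Returns null for a
// missing header, a different scheme, or an empty token.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer\s+(\S+)$/i.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Ask the auth service whether the token is valid. Resolves to the user info
// object, or null when the auth service rejects the token.
async function validateToken(token, fetchImpl = globalThis.fetch, baseUrl = AUTH_SERVICE_URL) {
  const res = await fetchImpl(`${baseUrl}/auth/validate-token`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ token }),
  });
  if (!res.ok) return null;
  return res.json();
}

// Build the middleware. All rejection paths answer with the same generic 401
// so the caller learns nothing about why validation failed.
function createAuthMiddleware({ fetchImpl = globalThis.fetch, baseUrl = AUTH_SERVICE_URL } = {}) {
  return async function authMiddleware(req, res, next) {
    const token = extractBearerToken(req.headers && req.headers.authorization);
    if (!token) return res.status(401).json({ error: 'Unauthorized' });
    let user;
    try {
      user = await validateToken(token, fetchImpl, baseUrl);
    } catch (err) {
      // Auth service unreachable: fail closed instead of letting the request through.
      return res.status(503).json({ error: 'Auth service unavailable' });
    }
    if (!user) return res.status(401).json({ error: 'Unauthorized' });
    req.user = user;
    return next();
  };
}

// Constructed stand-in for the auth service: accepts only the listed tokens.
function fakeAuthFetch(validTokens) {
  return async (url, opts) => {
    const { token } = JSON.parse(opts.body);
    const user = validTokens[token];
    return {
      ok: Boolean(user),
      status: user ? 200 : 401,
      json: async () => (user ? user : { error: 'invalid token' }),
    };
  };
}

// Drive the middleware with a constructed request/response pair and report
// the status code, whether next() ran, and what req.user was set to.
async function runMiddleware(middleware, authorizationHeader) {
  const req = { headers: { authorization: authorizationHeader } };
  let statusCode = 200;
  let nextCalled = false;
  const res = {
    status(code) { statusCode = code; return this; },
    json(body) { return body; },
  };
  await middleware(req, res, () => { nextCalled = true; });
  return { statusCode, nextCalled, user: req.user || null };
}
```

In the real service `createAuthMiddleware()` is called with no arguments, so it uses the global `fetch` and `AUTH_SERVICE_URL` from the backend `.env`; the fake fetch and `runMiddleware` exist only to show the three outcomes (valid token, rejected token, auth service down) without a network.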

### Frontend Integration

The frontend uses the auth service directly for authentication:

1. **Login Flow:**
   - User enters phone number
   - Frontend calls `POST /auth/request-otp` on auth service
   - User enters OTP
   - Frontend calls `POST /auth/verify-otp` on auth service
   - Auth service returns `access_token` and `refresh_token`
   - Frontend stores tokens in localStorage

2. **API Requests:**
   - Frontend includes `Authorization: Bearer <access_token>` header
   - Blog editor backend validates token via auth service
   - If token expires, frontend automatically refreshes using `refresh_token`
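
The "API Requests" part of the frontend flow, and the token storage it relies on, as an added example written for this page (it is not the project's frontend code). The page does not name the refresh endpoint, so the example assumes a hypothetical `POST /auth/refresh-token` that takes `{"refresh_token": "..."}` and returns a new `access_token`/`refresh_token` pair; the storage and `fetch` implementations are injected so it runs outside a browser, where they would be `window.localStorage` and `window.fetch`. Because both tokens live in localStorage, any script running on the page origin can read them, so the wrapper keeps every storage read and write in one small object; a failed refresh clears the session so the user is sent back through the OTP login rather than retrying with a dead token.

```javascript
// Added example (not the project's frontend code): a fetch wrapper that sends
// the stored access_token, and on a 401 performs one refresh with the stored
// refresh_token before retrying the original request exactly once.
// Assumption (not on the page): the refresh endpoint is POST /auth/refresh-token.

const AUTH_API_URL = 'http://localhost:3000'; // VITE_AUTH_API_URL in the frontend .env

// Single place that touches the localStorage keys named on the page.
function createTokenStore(storage) {
  return {
    getAccessToken: () => storage.getItem('access_token'),
    getRefreshToken: () => storage.getItem('refresh_token'),
    saveTokens({ access_token, refresh_token }) {
      storage.setItem('access_token', access_token);
      if (refresh_token) storage.setItem('refresh_token', refresh_token);
    },
    clear() {
      ['access_token', 'refresh_token', 'user'].forEach((k) => storage.removeItem(k));
    },
  };
}

function createApiClient({ store, fetchImpl, authUrl = AUTH_API_URL }) {
  // Exchange the refresh token for a new pair. On failure the session is
  // cleared so the UI falls back to the OTP login flow.
  async function refreshTokens() {
    const refreshToken = store.getRefreshToken();
    if (!refreshToken) return false;
    const res = await fetchImpl(`${authUrl}/auth/refresh-token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ refresh_token: refreshToken }),
    });
    if (!res.ok) { store.clear(); return false; }
    store.saveTokens(await res.json());
    return true;
  }

  // Send with the bearer header; retry once only if a refresh succeeded.
  async function fetchWithAuth(url, options = {}) {
    const send = () => fetchImpl(url, {
      ...options,
      headers: { ...(options.headers || {}), Authorization: `Bearer ${store.getAccessToken()}` },
    });
    let res = await send();
    if (res.status === 401 && (await refreshTokens())) res = await send();
    return res;
  }

  return { fetchWithAuth, refreshTokens };
}

// In-memory stand-in for window.localStorage (constructed for offline use).
function createMemoryStorage() {
  const map = new Map();
  return {
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem: (k, v) => { map.set(k, String(v)); },
    removeItem: (k) => { map.delete(k); },
  };
}

// Constructed fake of both services: the blog editor backend accepts only the
// current access token; the auth service rotates both tokens on each refresh.
function createFakeServices() {
  let counter = 1;
  let currentAccess = 'access-1';
  let currentRefresh = 'refresh-1';
  const fetchImpl = async (url, opts = {}) => {
    if (url.endsWith('/auth/refresh-token')) {
      const { refresh_token } = JSON.parse(opts.body);
      if (refresh_token !== currentRefresh) return { ok: false, status: 401, json: async () => ({}) };
      counter += 1;
      currentAccess = `access-${counter}`;
      currentRefresh = `refresh-${counter}`;
      return { ok: true, status: 200, json: async () => ({ access_token: currentAccess, refresh_token: currentRefresh }) };
    }
    const auth = (opts.headers || {}).Authorization;
    if (auth !== `Bearer ${currentAccess}`) return { ok: false, status: 401, json: async () => ({ error: 'Unauthorized' }) };
    return { ok: true, status: 200, json: async () => ({ posts: [] }) };
  };
  // Simulates the backend no longer accepting the access token the client holds.
  const expireAccessToken = () => { counter += 1; currentAccess = `access-${counter}`; };
  return { fetchImpl, expireAccessToken };
}
```

The retry is deliberately limited to one attempt: if the refreshed token is still rejected, the 401 is returned to the caller instead of looping.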

## Configuration

### Backend (.env)

```env
AUTH_SERVICE_URL=http://localhost:3000
```

### Frontend (.env)

```env
VITE_AUTH_API_URL=http://localhost:3000
```

## Token Storage

- `access_token` - Stored in localStorage, used for API requests
- `refresh_token` - Stored in localStorage, used to refresh the access token
- `user` - User object stored in localStorage

## Authentication Flow

```
┌─────────┐         ┌──────────────┐         ┌─────────────┐
│ Client  │────────▶│ Auth Service │────────▶│ Blog Editor │
│         │         │              │         │   Backend   │
└─────────┘         └──────────────┘         └─────────────┘
     │                     │                        │
     │   1. Request OTP    │                        │
     │◀────────────────────│                        │
     │                     │                        │
     │   2. Verify OTP     │                        │
     │────────────────────▶│                        │
     │   3. Get Tokens     │                        │
     │◀────────────────────│                        │
     │                     │                        │
     │   4. API Request    │                        │
     │──────────────────────────────────────────────▶│
     │                     │   5. Validate Token    │
     │                     │◀───────────────────────│
     │                     │   6. User Info         │
     │                     │───────────────────────▶│
     │   7. Response       │                        │
     │◀──────────────────────────────────────────────│
```

## Benefits

1. **Single Source of Truth:** All authentication handled by one service
2. **Consistent Security:** Same JWT validation across all services
3. **Token Rotation:** Auth service handles token refresh and rotation
4. **User Management:** Centralized user management in auth service
5. **Guest Support:** Auth service supports guest users

## Notes

- The blog editor backend does NOT handle user registration/login
- All authentication is delegated to the auth service
- The blog editor only validates tokens; it never creates them
- Phone/OTP authentication is used (not email/password)