Add JWT + Google OAuth authentication #4

New issue

Closed

opened 2026-02-23 18:23:59 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented 2026-02-23 18:23:59 +00:00

Owner

Copy link

Goal

Integrate pal-e-auth shared package into basketball-api for user authentication.

Prerequisite

• forgejo_admin/pal-e-auth#1 (scaffold shared auth package)

Scope

• Add pal-e-auth to requirements.txt
• Include auth router at /auth/
• Protect mutation endpoints with require_role("admin", "coach")
• Protect parent-facing endpoints with require_role("admin", "coach", "parent")
• Add pal-e-auth-secrets to k8s secrets (JWT_SECRET_KEY, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET)
• Update k8s deployment env to read auth secrets

User Roles for basketball-api

Role	Access
admin	Everything
coach	Own program: roster, evaluations, drafts
parent	Own child: status, receipts, payments

Blocks

• Deployment of basketball-api (PII exposure without auth)

Design doc: ~/.claude/plans/2026-02-23-refine-planning-pal-e-docs-auth.md

## Goal Integrate pal-e-auth shared package into basketball-api for user authentication. ## Prerequisite - forgejo_admin/pal-e-auth#1 (scaffold shared auth package) ## Scope - Add `pal-e-auth` to requirements.txt - Include auth router at `/auth/` - Protect mutation endpoints with `require_role("admin", "coach")` - Protect parent-facing endpoints with `require_role("admin", "coach", "parent")` - Add `pal-e-auth-secrets` to k8s secrets (JWT_SECRET_KEY, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) - Update k8s deployment env to read auth secrets ## User Roles for basketball-api | Role | Access | |------|--------| | admin | Everything | | coach | Own program: roster, evaluations, drafts | | parent | Own child: status, receipts, payments | ## Blocks - Deployment of basketball-api (PII exposure without auth) Design doc: `~/.claude/plans/2026-02-23-refine-planning-pal-e-docs-auth.md`

forgejo_admin referenced this issue from a commit 2026-02-23 22:17:00 +00:00

Add pal-e-auth integration to gate roster endpoints (#4)

forgejo_admin referenced this issue from a pull request that will close it, 2026-02-23 22:17:14 +00:00

Add pal-e-auth integration to gate roster endpoints #5

forgejo_admin closed this issue 2026-02-24 04:55:03 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

232-schedule-data-model

205-clean-test-data-from-production-db-playe

114-email-verification

147-feat-add-get-jersey-player-info-endpoint

124-feat-many-to-many-player-team-assignment

125-feat-add-new-players-manually-seydou-gou

126-feat-team-placement-congratulations-emai

121-admin-teams-spa-endpoints

70-add-graduating-class-to-roster-api-respo

59-fix-auth-test

62-phase-4l-sveltekit-dashboard-wkq-tailsca

11-phase-1a-fix-ci-pipeline-venv-in-test-st

No results found.

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/basketball-api#4

No description provided.