Scaffold pal-e-auth shared package #1

Closed
opened 2026-02-23 18:23:44 +00:00 by forgejo_admin · 0 comments

Goal

Create the shared auth package used by all pal-e platform services.

Scope

  • JWT token create/decode utilities (HS256, configurable secret)
  • Google OAuth flow (authorization URL, callback handler, ID token validation)
  • FastAPI dependencies: get_current_user, require_role, optional_user
  • Auth router: /auth/google, /auth/callback, /auth/logout
  • Pydantic models: User, TokenPayload, AuthConfig
  • pyproject.toml for pip install from git

User Model

| Role | Who | Description |
|------|-----|-------------|
| admin | Lucas | Full access |
| coach | Marcus + future coaches | Own program management |
| parent | Registrants | View own child status |
| viewer | Unauthenticated | Public read-only |

Token Format

  • JWT with HS256 signing
  • Claims: sub, email, name, role, tenant_id, iat, exp, iss
  • Access: 24h, refresh: 30d in Postgres
  • httpOnly cookies

Dependencies

  • authlib or python-jose for JWT
  • httpx for Google token exchange
  • FastAPI + Pydantic

Integration Pattern

Services add to requirements.txt:

pal-e-auth @ git+https://forgejo.tail5b443a.ts.net/forgejo_admin/pal-e-auth.git

Design doc: ~/.claude/plans/2026-02-23-refine-planning-pal-e-docs-auth.md
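
The token format above (HS256, the listed claims, 24h access lifetime), as an added example that is not part of the original issue or the pal-e-auth code. It uses only the standard library in place of authlib/python-jose so it runs offline; the function names and the `ISSUER` value are assumptions.

```python
import base64, hashlib, hmac, json, time

ACCESS_TTL = 24 * 3600   # "Access: 24h" from the issue
ISSUER = "pal-e-auth"    # assumed iss value; the issue does not specify one
ROLES = {"admin", "coach", "parent", "viewer"}  # roles from the User Model table

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> str:
    return b64e(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

def create_token(secret, sub, email, name, role, tenant_id, now=None):
    if role not in ROLES:
        raise ValueError("unknown role")
    iat = int(time.time() if now is None else now)
    claims = {"sub": sub, "email": email, "name": name, "role": role,
              "tenant_id": tenant_id, "iat": iat, "exp": iat + ACCESS_TTL,
              "iss": ISSUER}
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{sign(secret, head + '.' + body)}"

def decode_token(secret, token, now=None):
    """Return the claims, or raise ValueError for any token that must be rejected."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64d(head))
    # Pin the algorithm: never let the token's own header choose (blocks alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time signature check before the payload is parsed or trusted.
    if not hmac.compare_digest(sig.encode(), sign(secret, head + "." + body).encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("role") not in ROLES:
        raise ValueError("unknown role")
    return claims
```

Because `role` and `tenant_id` travel inside the token, a role change made server-side only takes effect once the user's current access token expires or is replaced.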
