Authentication Plan

Users authenticate via JWT tokens with automatic refresh.

Requirements
Token expiry: 15 minutes
Refresh token: 7 days
Secure cookie storage

Cookies use SameSite=Strict to mitigate CSRF.

nas: do we need Lax for the OAuth redirect?
flow.mermaid: Login -> Issue JWT -> Refresh
Planned changes
src/auth.ts (+41 -1)
src/auth/refresh.ts (new, +6)
tests/auth.test.ts (new, +20)
src/auth.ts
import * as jwt from 'jsonwebtoken'
// Signing secret comes from the environment; never hard-code it in source.
const SECRET = process.env.JWT_SECRET as string
// Verifies signature and expiry; throws on an invalid or expired token.
export function verify(token: string) {
  return jwt.verify(token, SECRET)
}
Security notice
Tokens rotate automatically every 15 minutes.
Claude Code
Implementing the JWT refresh flow from the plan.
Read plans/auth.md
Write src/auth/refresh.ts
+ Wrote token exchange and refresh helpers
> Implement plans/auth.md