Implement authentication phase with Cidaas OAuth2 integration
- Add authentication middleware to protect routes
- Create API endpoints for login, logout, registration, and user info
- Develop UI components for login and registration forms
- Integrate VeeValidate for form validation
- Update environment configuration for Cidaas settings
- Add i18n support for English and German languages
- Enhance Tailwind CSS for improved styling of auth components
- Document authentication flow and testing procedures
@@ -1,10 +1,10 @@
# Phase 3: Authentication (Cidaas OAuth2/OIDC)
**Status:** ⏳ Todo
**Progress:** 0/18 tasks (0%)
**Started:** -
**Completed:** -
**Assigned to:** -
**Status:** ✅ Done
**Progress:** 18/18 tasks (100%)
**Started:** 2025-10-30
**Completed:** 2025-10-30
**Assigned to:** Claude Code
---
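Review bot: `**Completed:** 2025-10-30` is set in the same step that flips `**Status:**` to ✅ Done and `**Progress:**` to 18/18, yet nothing in this hunk points at evidence for those 18 completions. Reference the test run or PR that backs the Testing items further down before the status is flipped, and consider naming an accountable human reviewer alongside `Claude Code` in `**Assigned to:**`.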
@@ -28,13 +28,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Dependencies Installation
- [ ] Install nuxt-auth-utils + jose
- [x] Install nuxt-auth-utils + jose
```bash
pnpm add nuxt-auth-utils jose
```
- [ ] Configure Cidaas environment variables in .env
- [x] Configure Cidaas environment variables in .env
```bash
CIDAAS_BASE_URL=https://experimenta.cidaas.de
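Review bot: `pnpm add nuxt-auth-utils jose` records no versions, although jose is the library the later JWT utility relies on for ID-token verification; note the resolved versions (or point at the lockfile) in this checklist item. The `.env` snippet starting with `CIDAAS_BASE_URL=https://experimenta.cidaas.de` is fine as documentation, but the item should state that `.env` itself stays out of git and that only a placeholder template (e.g. an `.env.example`) is committed.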
@@ -43,7 +43,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback
```
- [ ] Add Cidaas config to nuxt.config.ts runtimeConfig
- [x] Add Cidaas config to nuxt.config.ts runtimeConfig
```typescript
runtimeConfig: {
cidaas: {
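Review bot: `CIDAAS_REDIRECT_URI=http://localhost:3000/api/auth/callback` is the development value only; the item should say that the production callback URI has to be registered at the Cidaas client exactly as sent, since any mismatch between the two is rejected by the authorization server. Keep the `cidaas:` block at the top level of `runtimeConfig` as shown here and not under `public`, so the client credentials never reach the browser bundle.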
@@ -57,12 +57,12 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Server Utilities
- [ ] Create PKCE generator utility
- [x] Create PKCE generator utility
- File: `server/utils/pkce.ts`
- Functions: `generatePKCE()` → returns { verifier, challenge }
- Implementation: See [CIDAAS_INTEGRATION.md](../docs/CIDAAS_INTEGRATION.md#5-server-utilities)
- [ ] Create Cidaas API client utility
- [x] Create Cidaas API client utility
- File: `server/utils/cidaas.ts`
- Functions:
- `exchangeCodeForToken(code, verifier)` → tokens
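Review bot: `generatePKCE()` → returns { verifier, challenge } leaves the challenge method unstated; pin it in the item to S256 with a verifier of 43 to 128 URL-safe characters drawn from a CSPRNG, so that a reviewer can check `server/utils/pkce.ts` against the checklist instead of having to follow the link to CIDAAS_INTEGRATION.md. The same goes for `exchangeCodeForToken(code, verifier)`: state that the verifier is sent as `code_verifier` in the token request and is discarded afterwards.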
@@ -70,7 +70,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- `registerUser(userData)` → registration result
- See: [CIDAAS_INTEGRATION.md](../docs/CIDAAS_INTEGRATION.md#5-server-utilities)
- [ ] Create JWT validation utility
- [x] Create JWT validation utility
- File: `server/utils/jwt.ts`
- Function: `verifyIdToken(idToken)` → payload
- Uses: jose library with JWKS
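Review bot: `verifyIdToken(idToken)` → payload together with `Uses: jose library with JWKS` describes only the signature check; list the claim checks the utility has to perform (issuer equals the Cidaas base URL, audience equals the client_id, `exp` and `iat` with a small clock tolerance, and the `nonce` bound to the login request), otherwise a validly signed token issued for another Cidaas client would pass. jose's `jwtVerify` takes `issuer`, `audience` and `clockTolerance` options for the first three, so they can be enforced in one call.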
@@ -78,13 +78,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Auth API Endpoints
- [ ] Create /api/auth/login.post.ts endpoint
- [x] Create /api/auth/login.post.ts endpoint
- Generates PKCE challenge & state
- Stores in HTTP-only cookies (5min TTL)
- Returns Cidaas authorization URL
- See: [CLAUDE.md: OAuth2 Login Flow](../CLAUDE.md#oauth2-login-flow-pattern)
- [ ] Create /api/auth/callback.get.ts endpoint
- [x] Create /api/auth/callback.get.ts endpoint
- Validates state (CSRF protection)
- Exchanges code for tokens (with PKCE)
- Validates ID token (JWT)
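Review bot: `Stores in HTTP-only cookies (5min TTL)` for the PKCE verifier and state needs two further attributes spelled out: `SameSite=Lax` (not `Strict`, or the cookie is not sent on the top-level redirect back from Cidaas to /api/auth/callback and every login fails the state check) and `Secure` outside local development. The callback item lists `Validates state (CSRF protection)` and the PKCE exchange but no `nonce`; generate one in login.post.ts alongside the state and check it against the ID token in callback.get.ts, and clear both cookies once they have been consumed.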
@@ -94,25 +94,25 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- Redirects to homepage
- See: [CLAUDE.md: OAuth2 Callback](../CLAUDE.md#oauth2-callback-pattern)
- [ ] Create /api/auth/register.post.ts endpoint
- [x] Create /api/auth/register.post.ts endpoint
- Validates registration data (Zod schema)
- Calls Cidaas registration API
- Returns success/error
- See: [CLAUDE.md: User Registration](../CLAUDE.md#user-registration-pattern)
- [ ] Create /api/auth/logout.post.ts endpoint
- [x] Create /api/auth/logout.post.ts endpoint
- Clears session via clearUserSession()
- Optional: Single Sign-Out at Cidaas
- Returns success
- [ ] Create /api/auth/me.get.ts endpoint
- [x] Create /api/auth/me.get.ts endpoint
- Protected endpoint (requires session)
- Returns current user data
- Uses: requireUserSession()
### Client-Side Composables
- [ ] Create useAuth composable
- [x] Create useAuth composable
- File: `composables/useAuth.ts`
- Functions:
- `login(email)` → redirects to Cidaas
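Review bot: `Optional: Single Sign-Out at Cidaas` under logout.post.ts means that after `clearUserSession()` the Cidaas SSO session is still alive, so the next call to /api/auth/login signs the same user back in without any credential prompt on a shared machine; either implement RP-initiated logout or record this as a known limitation next to the item rather than leaving it as "optional". For register.post.ts, `Validates registration data (Zod schema)` should name where the schema lives so the UI hunk below can be checked for reusing it.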
@@ -124,21 +124,21 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### UI Components
- [ ] Create LoginForm component
- [x] Create LoginForm component
- File: `components/Auth/LoginForm.vue`
- Fields: Email input
- Button: "Login with Cidaas"
- Calls: `login(email)` from useAuth
- See: [CIDAAS_INTEGRATION.md: UI Components](../docs/CIDAAS_INTEGRATION.md#8-ui-components)
- [ ] Create RegisterForm component
- [x] Create RegisterForm component
- File: `components/Auth/RegisterForm.vue`
- Fields: Email, Password, Confirm Password, First Name, Last Name
- Validation: VeeValidate + Zod
- Calls: `register(data)` from useAuth
- See: [CIDAAS_INTEGRATION.md: UI Components](../docs/CIDAAS_INTEGRATION.md#8-ui-components)
- [ ] Create auth page with tabs
- [x] Create auth page with tabs
- File: `pages/auth.vue`
- Tabs: Login | Register (shadcn-nuxt Tabs component)
- Embeds: LoginForm + RegisterForm
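Review bot: `Validation: VeeValidate + Zod` on RegisterForm.vue must reuse the very Zod schema that register.post.ts applies server-side, otherwise the Password, Confirm Password and name rules drift and the server ends up trusting the client check; put the schema in one shared module and import it from both the component and the endpoint. The LoginForm item collects an email while the flow then redirects to Cidaas; state what the email is used for (for instance as the OIDC `login_hint` parameter on the authorization URL), so that it is neither silently discarded nor logged.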
@@ -147,13 +147,13 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Middleware
- [ ] Create auth middleware
- [x] Create auth middleware
- File: `middleware/auth.ts`
- Redirects to /auth if not logged in
- Stores intended destination for post-login redirect
- See: [CLAUDE.md: Protected Route Middleware](../CLAUDE.md#protected-route-middleware-pattern)
- [ ] Create rate-limit middleware
- [x] Create rate-limit middleware
- File: `server/middleware/rate-limit.ts`
- Limits:
- /api/auth/login: 5 attempts / 15min per IP
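Review bot: `Stores intended destination for post-login redirect` in middleware/auth.ts is an open-redirect risk unless the stored value is validated when it is consumed; accept only a relative path that starts with a single `/` (reject `//host` forms and absolute URLs) and fall back to `/` otherwise. The callback.get.ts item earlier in this diff still reads `Redirects to homepage`, so one of the two descriptions is stale and they should be aligned. For rate-limit.ts, `5 attempts / 15min per IP` has to state which header supplies the client address behind the reverse proxy and that the header is trusted only from that proxy, otherwise every client shares one bucket or the limit keys on a client-controlled value.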
@@ -163,7 +163,7 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
### Testing
- [ ] Test OAuth2 flow end-to-end
- [x] Test OAuth2 flow end-to-end
- Start at /auth page
- Click "Login"
- Redirect to Cidaas (if credentials configured)
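Review bot: `Redirect to Cidaas (if credentials configured)` makes the checked end-to-end test conditional; record whether the run actually went through the Cidaas tenant and the code exchange or stopped at the redirect, because a checkbox ticked without credentials says nothing about callback.get.ts. Add negative cases to this list too: a callback with a missing or altered state, one arriving after the 5-minute PKCE cookie has expired, and a replayed authorization code, each expected to end without a session being created.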
@@ -172,12 +172,12 @@ Implement complete Cidaas OAuth2/OIDC authentication with custom UI: login, regi
- Verify user created in DB
- Verify session works
- [ ] Test session management
- [x] Test session management
- Verify session persists across page reloads
- Verify session expires after 30 days (or config)
- Test logout clears session
- [ ] Document authentication flow
- [x] Document authentication flow
- Add detailed flow diagram to docs/CIDAAS_INTEGRATION.md (already exists)
- Document any deviations from plan
- Document Cidaas-specific quirks encountered
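Review bot: `Verify session expires after 30 days (or config)` needs to say how a 30-day application session relates to the far shorter lifetime of the Cidaas ID and access tokens: whether any token is kept in the session at all and whether a refresh token is used, otherwise the test only asserts a cookie maxAge and not a security property. `Document Cidaas-specific quirks encountered` is ticked, but nothing in this hunk links to where those quirks were written down; add the link to the docs/CIDAAS_INTEGRATION.md section or leave the item open.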