peterwood/docs
1
0
Fork 0
mirror of https://github.com/acedanger/docs.git synced 2025-12-05 22:50:12 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
09bab6f98bb66c8c19ecf62bb041123b9e3d25d0
docs/api-reference/auth.mdx
Peter Wood 52af361158 Refactor API documentation: 
- Removed SSO configuration section from auth.mdx
- Added new calendar.mdx for calendar data endpoints
- Introduced health.mdx for health check endpoints
- Updated introduction.mdx to include new symbols and calendar sections
- Created portfolio-additional.mdx for additional portfolio operations
- Added symbol-details.mdx for detailed symbol information
- Created symbols-summary.mdx for comprehensive symbol statistics
- Added symbols.mdx for retrieving all traded symbols
- Created upload-csv.mdx for uploading transaction history and realized gains
- Added upload-history.mdx for retrieving upload history
- Updated docs.json to reflect new and modified documentation structure
2025-11-14 16:14:03 -05:00

138 lines
2.8 KiB
Plaintext
Raw Blame History

---
title: 'Authentication'
description: 'OAuth 2.0 authentication endpoints and flow'
---
## Overview
The Trading Analysis Dashboard uses Google OAuth 2.0 for secure authentication. All API endpoints require an authenticated session.
## Authentication Flow
<Steps>
<Step title="User visits application">
Unauthenticated users are redirected to the login page
</Step>
<Step title="Click Sign in with Google">
User initiates OAuth flow by clicking the Google sign-in button
</Step>
<Step title="Google authorization">
User is redirected to Google to authorize the application
</Step>
<Step title="Callback">
Google redirects back to the application with authorization code
</Step>
<Step title="Session created">
Application exchanges code for tokens and creates a secure session
</Step>
<Step title="Access granted">
User is redirected to the dashboard with an authenticated session
</Step>
</Steps>
## Endpoints
### Login Page
```
GET /auth/login
```
Displays the login page for unauthenticated users.
### Initiate OAuth
```
GET /login
```
Redirects user to Google OAuth authorization page.
### OAuth Callback
```
GET /auth/callback
```
Handles the OAuth callback from Google and creates user session.
**Query Parameters:**
- `code` (string): Authorization code from OAuth provider
- `state` (string): State parameter for security
### Logout
```
GET /logout
```
Clears user session and logs out the user.
### User Profile
```
GET /auth/profile
```
Displays user profile information (requires authentication).
## Session Management
- Sessions are stored server-side using Flask sessions
- Session cookies are HTTP-only and secure (in production)
- Sessions expire after a period of inactivity
- Users must re-authenticate after session expiration
## User Authorization
Access is controlled by the `AUTHORIZED_USERS` environment variable:
```env
AUTHORIZED_USERS=user1@example.com,user2@example.com,user3@example.com
```
Only users with email addresses in this list can access the application after authenticating with Google.
## Error Responses
### 401 Unauthorized
```json
{
"success": false,
"error": "Authentication required",
"redirect_to_login": true
}
```
### 403 Forbidden
```json
{
"success": false,
"error": "Access denied. User not authorized."
}
```
## Security Best Practices
<CardGroup cols={2}>
<Card title="HTTPS Only" icon="lock">
Always use HTTPS in production for OAuth callbacks
</Card>
<Card title="Secure Sessions" icon="shield-check">
Session cookies are HTTP-only and secure
</Card>
<Card title="User Whitelist" icon="users">
Only authorized email addresses can access the application
</Card>
<Card title="Token Security" icon="key">
OAuth tokens are never exposed to the client
</Card>
</CardGroup>
Reference in New Issue View Git Blame Copy Permalink