peterwood/docs
1
0
Fork 0
mirror of https://github.com/acedanger/docs.git synced 2025-12-05 22:50:12 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
140f3b71a2c5ad6c4e180bf804cbb735c03749bf
docs/api-reference/auth.mdx
Peter Wood c6eb26037b feat: Add CI/CD setup guide with Gitea Actions for trading analysis application 
feat: Implement multi-user support with separate brokerage accounts and user authentication

feat: Configure SSO authentication setup using Google OAuth 2.0 for secure access

refactor: Update index page to reflect new Trading Analysis Dashboard features and descriptions

docs: Enhance quickstart guide for deploying Trading Analysis Dashboard with detailed steps

chore: Add runner configuration for Gitea Actions with logging and container settings
2025-11-14 12:43:09 -05:00

142 lines
2.9 KiB
Plaintext
Raw Blame History

---
title: 'Authentication'
description: 'OAuth 2.0 authentication endpoints and flow'
---
## Overview
The Trading Analysis Dashboard uses Google OAuth 2.0 for secure authentication. All API endpoints require an authenticated session.
## Authentication Flow
<Steps>
<Step title="User visits application">
Unauthenticated users are redirected to the login page
</Step>
<Step title="Click Sign in with Google">
User initiates OAuth flow by clicking the Google sign-in button
</Step>
<Step title="Google authorization">
User is redirected to Google to authorize the application
</Step>
<Step title="Callback">
Google redirects back to the application with authorization code
</Step>
<Step title="Session created">
Application exchanges code for tokens and creates a secure session
</Step>
<Step title="Access granted">
User is redirected to the dashboard with an authenticated session
</Step>
</Steps>
## Endpoints
### Login Page
```
GET /auth/login
```
Displays the login page for unauthenticated users.
### Initiate OAuth
```
GET /login
```
Redirects user to Google OAuth authorization page.
### OAuth Callback
```
GET /auth/callback
```
Handles the OAuth callback from Google and creates user session.
**Query Parameters:**
- `code` (string): Authorization code from OAuth provider
- `state` (string): State parameter for security
### Logout
```
GET /logout
```
Clears user session and logs out the user.
### User Profile
```
GET /auth/profile
```
Displays user profile information (requires authentication).
## Session Management
- Sessions are stored server-side using Flask sessions
- Session cookies are HTTP-only and secure (in production)
- Sessions expire after a period of inactivity
- Users must re-authenticate after session expiration
## User Authorization
Access is controlled by the `AUTHORIZED_USERS` environment variable:
```env
AUTHORIZED_USERS=user1@example.com,user2@example.com,user3@example.com
```
Only users with email addresses in this list can access the application after authenticating with Google.
## Error Responses
### 401 Unauthorized
```json
{
"success": false,
"error": "Authentication required",
"redirect_to_login": true
}
```
### 403 Forbidden
```json
{
"success": false,
"error": "Access denied. User not authorized."
}
```
## Security Best Practices
<CardGroup cols={2}>
<Card title="HTTPS Only" icon="lock">
Always use HTTPS in production for OAuth callbacks
</Card>
<Card title="Secure Sessions" icon="shield-check">
Session cookies are HTTP-only and secure
</Card>
<Card title="User Whitelist" icon="users">
Only authorized email addresses can access the application
</Card>
<Card title="Token Security" icon="key">
OAuth tokens are never exposed to the client
</Card>
</CardGroup>
## Configuration
See the [SSO Setup Guide](/guides/setup/sso) for detailed configuration instructions.
Reference in New Issue View Git Blame Copy Permalink