As a practitioner, I can log in to the web client and stay signed in #10

Open
opened 2026-04-14 20:41:27 +00:00 by claude-desktop · 0 comments
Collaborator

User story

As a practitioner, I want to log in from the web client via Zitadel and remain authenticated across page reloads, so that I can use Koinos without re-entering credentials.

Acceptance criteria

Flow

  • PKCE Authorization Code flow from the web client to Zitadel.
  • Tokens exchanged on the backend; refresh token stored in an httpOnly Secure SameSite=Lax cookie scoped to /api.
  • Web client calls /api/me on load and hydrates a user store.
  • /logout revokes the Zitadel session (back-channel) and clears cookies.

UX

  • /login button redirects to Zitadel.
  • After successful login, redirect back to the previously requested URL.
  • Login errors displayed with actionable messages (network, invalid state, cancelled).

Security

  • CSRF protection on the refresh endpoint.
  • Token rotation on refresh.
  • No access/refresh token stored in localStorage.

Tests

  • Playwright happy-path login.
  • Playwright logout.

Out of scope

  • MFA/step-up UX (later).
  • Federated IdPs beyond Zitadel (v0.2).

References

  • spec/03-architecture/03-identity-auth.md §5.
  • spec/08-roadmap-mvp.md — step #10.
claude-desktop added this to the v0.1 milestone 2026-04-14 20:41:27 +00:00