learnhubmk / app

The frontend app for LearnHub.mk
https://learnhub.mk
MIT License

[FE] Implement Authentication #382

Open edichoska opened 3 months ago

edichoska commented 3 months ago

davorminchorov commented 3 months ago

We will be using Laravel Sanctum for authentication, specifically the SPA mode, so investigate how to integrate that.

stefanatanasovmk commented 2 months ago

Some questions about the ticket:

  1. There are 2 login routes in the API, one for content and the other for admin. Shall we do the login only for content users?
  2. Shall we fetch the XSRF-TOKEN route on initial page load, as I presume the token needs to be included when making the login request?
  3. Is this the expected workflow: the user enters password and email -> the client makes a request to the server /login route -> the server returns a token and the user info -> the client encrypts the token and user info, stringifies it and saves it into a session cookie? Or does the server set a cookie when login is successful?
  4. What does the login route return when the user is authenticated? It's not specified in the docs.
  5. Shall we make the login for the third-party auth as well, as I saw there is a route for github, google, linkedin... login?
  6. Can we get an already registered user, or where do we sign up? I didn't see the signup route in the docs, and I would like to see how it works when logging in.

davorminchorov commented 2 months ago

There are 3 endpoints for logging in currently: admin, content and platform. This ticket is for logging in to the content endpoint I assume, although all 3 endpoints will have a similar implementation.

As for the process on how to authenticate, you can check the Laravel Docs to understand the process. I am assuming NextJS Auth has support for Laravel Sanctum as well.

The 3rd party logging in (and sign up) is for the platform only. There are no sign up routes for content and admin, they are supposed to be invite only.

I can provide you content manager credentials for signing in.

edichoska commented 2 months ago

@davorminchorov Could the BE team improve the docs about 4.? As Davor explained: We don't have Sign Up for the content panel. The user will be invited by email. On clicking that link, the user will be redirected to a page where they would just add a password & confirm that password. (I assume this is still not implemented? @davorminchorov)

  1. Yes. Focus only on content panel.
  2 & 3. On the right track, read documentation.
  4. Will see with BE team.
  5. We don't have SSO for the content panel.

davorminchorov commented 2 months ago

The current implementation does not support the SPA mode yet, but the docs will be updated once that's done.

The invitation of users will be done via the admin panel so that's irrelevant for this ticket specifically.

edichoska commented 2 months ago

Of course it is relevant for Stefan to know how the whole flow is going to be.

davorminchorov commented 2 months ago

I added the accounts that can be used for testing the API on Discord. The invite content manager API is still in the works, will be available soon.

Also, the current implementation for the API endpoints uses the usual JWT token approach like Stefan mentioned, but we will change it soon to use the SPA mode.

davorminchorov commented 2 months ago

The authentication API endpoints are now using the SPA mode so feel free to implement them.
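
The Sanctum SPA (cookie) login flow asked about in questions 2 and 3 above, as an added example that is not code from the LearnHub repository or from any commenter. `/sanctum/csrf-cookie` is Laravel Sanctum's default route; `baseUrl`, `loginPath` and the injected `fetchImpl`/`getCookies` parameters are assumptions, since the thread does not give the content login path.

```javascript
// Added example: Laravel Sanctum SPA (cookie) login from a browser client.
// baseUrl and loginPath are assumptions supplied by the caller.

// Pull the XSRF-TOKEN value out of a document.cookie-style string.
// Laravel URL-encodes the value, so decode it before echoing it back.
function readXsrfToken(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === 'XSRF-TOKEN') {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// fetchImpl and getCookies are injected so the flow can be exercised outside a
// browser; in the app they would be window.fetch and () => document.cookie.
async function sanctumLogin({ fetchImpl, getCookies, baseUrl, loginPath, email, password }) {
  // Step 1: ask the server to set the XSRF-TOKEN cookie.
  await fetchImpl(`${baseUrl}/sanctum/csrf-cookie`, { credentials: 'include' });

  const token = readXsrfToken(getCookies());
  if (!token) throw new Error('XSRF-TOKEN cookie missing; check CORS and cookie domain');

  // Step 2: send the credentials with the token echoed in X-XSRF-TOKEN.
  const res = await fetchImpl(`${baseUrl}${loginPath}`, {
    method: 'POST',
    credentials: 'include', // lets the browser send and store the session cookie
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      'X-XSRF-TOKEN': token,
    },
    body: JSON.stringify({ email, password }),
  });
  if (res.status === 419) throw new Error('CSRF token mismatch');
  if (!res.ok) throw new Error(`Login failed with status ${res.status}`);
  // The server sets the session cookie on success; the client does not
  // encrypt or store any token itself in this mode.
  return res;
}
```

In SPA mode the session cookie is set by the server on a successful login, so nothing has to be serialized into a cookie by the client.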

davorminchorov commented 2 months ago

Once https://github.com/learnhubmk/api/issues/132 is done on the backend, you can re-implement the authentication to use JWT tokens.

davorminchorov commented 2 months ago

JWT authentication has been implemented on the backend, feel free to check the API docs to learn more about how to use it. Let me know if you have any questions.