feat(auth): local HS256 provider + login/OpenID routes

↗ view on GitHub · Allen Morgan · 2026-05-08 · ec310e59

Adds the third arm of the auth boundary - a local HS256 provider for
the docker-compose dev stack - plus the routes that drive provider-
flow logins:

  * lib/auth/providers/local.ts - stdlib-only HS256 verification.
    No new dependency.  When PostgREST eventually moves to JWKS, this
    becomes a thin jose wrapper and call sites stay the same.

  * routes/auth.ts - three families of routes:
      - POST /local-login        : mints an HS256 token for a stub email
                                   when AUTH_PROVIDER=local
      - GET  /providers          : lists available IdPs for the frontend
      - GET  /logout             : provider-aware sign-out (entra clears
                                   the IdP session, others bounce to /login)
      - GET  /select-provider, /login-provider/:id, /openid-callback/:id
                                 : Entra OIDC code-flow with HMAC-signed
                                   state cookie

  * Middleware now dispatches the "local" branch.

The router itself is added to the codebase but not yet mounted on the
Express app - the index.ts wiring (and the API prefix shift) lands in a
later commit so this one stays focused on the provider boundary.
Repository Altien/mikeOssAzure
Author Allen Morgan <amorgan@altien.com>
Authored
Parents f9eb061c
Stats 3 files changed, +398
Part of Auth provider abstraction (Supabase / Entra / local HS256)
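
The stdlib-only HS256 check that the commit message describes, sketched as an added example; it is not the code from lib/auth/providers/local.ts or from this repository. `mintHS256` and `verifyHS256` are hypothetical names, and requiring a numeric `exp` claim is an assumption.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical names throughout; not the repository's own implementation.
type Claims = Record<string, unknown>;

const b64urlJson = (obj: unknown): string =>
  Buffer.from(JSON.stringify(obj), "utf8").toString("base64url");

const mac = (signingInput: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(signingInput).digest();

// Mint a token the way a dev-only login route might, so the verifier can be exercised.
function mintHS256(claims: Claims, secret: string): string {
  const signingInput = `${b64urlJson({ alg: "HS256", typ: "JWT" })}.${b64urlJson(claims)}`;
  return `${signingInput}.${mac(signingInput, secret).toString("base64url")}`;
}

// Returns the claims on success and null on any failure, without saying which check failed.
function verifyHS256(token: string, secret: string, nowSec = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    // Pin the algorithm: the token header must not be allowed to select "none" or another alg.
    const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    if (header.alg !== "HS256") return null;

    // Recompute the MAC over the exact bytes received and compare in constant time.
    const expected = mac(`${h}.${p}`, secret);
    const given = Buffer.from(s, "base64url");
    if (given.toString("base64url") !== s) return null; // reject non-canonical encodings
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

    // Parse and trust the payload only after the signature has been verified.
    const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8")) as Claims;
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}
```
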
