Login page drops Supabase auth in favor of local JWT endpoint

Commit `5061e2d` rewrites the login page to POST credentials to `/api/v1/auth/token` on the Python backend instead of calling `supabase.auth.signInWithPassword`. The JWT comes back and gets stored in `localStorage` as `canadian_jwt`.

securitycompliance

The change removes the Supabase import entirely from login/page.tsx. The new flow calls fetch("/api/v1/auth/token", { method: "POST", body: JSON.stringify({ email, password }) }), stores data.access_token in localStorage, then navigates to /assistant. The login heading changes from "Log In" to "Log In (LSO Compliant)" and the footer note shifts from the original demo disclaimer to a data sovereignty framing.

The same commit renames redline_parser.py to blackline_parser.py - a zero-content file move, riding along for the Canadian terminology cleanup.

There's an important caveat: signup (signup/page.tsx) still uses Supabase. The PIPEDA compliance commit modifies signup against Supabase as well. So this fork has split auth: the login page points to the self-hosted JWT endpoint, while signup and other parts of the app still depend on Supabase. Two auth paths, and there's no indication they share a user store.

The Python /api/v1/auth/token endpoint itself (from Phase 2) doesn't validate credentials - it issues a token for {"sub": "lawyer_demo"} regardless of what's in the request body. So the "LSO Compliant" branding on the login button is aspirational at this stage.

So what Skip unless you're specifically trying to remove Supabase from the auth path and have already built out a real credential store. The pattern itself (swap `supabase.auth.signInWithPassword` for a self-hosted token endpoint) is simple, but the fork's implementation has no real credential validation and creates an inconsistent auth split across the app.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from jrklaus8/mike-Canada, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
5061e2d7 feat: Replace Supabase with Local JWT for LSO Data Sovereignty on Login Page MikeOSS Bot 2026-05-22 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-540.md from inside the repo you want the changes in.

⬇ Download capture-thread-540.md