# October 17, 2023

Context: We're professionalizing our front end: design system, component library, tailwindUI.

Agenda:

* what's the vision for how our front end should be structured relative to our API and users? (capturing tasks / ideas)
* what's been done so far?
* what's up next?
* are there open questions?

### Goals

* dev environment: branch in GitHub auto-deploying
  * has its own environment variables
  * def FE → dev API
* set a standard for secrets / environments
  * as-needed access
* don't expose tokens in the front end / repos
  * JWT validated by the API against a secret key in DO
  * refresh tokens prevent access
  * token ⭤ user ID pair
    * what about public front end views (no auth)?
  * API can use permissions to prevent access/action (roles)
  * the FE client can use its own `client` token
  * logged in user credentials would override `client` token
  * local, dev, prod all use same methodology
* consider an isolated back end service for users/OAuth
  * better security, separation of concerns
  * <https://oauth.net/2/>
  * let's not use Supabase auth to database, it should be the API

### To Do

* [ ] research OAuth to estimate time / more specifically plan
* [ ] set up refresh tokens
* [ ] sketch roles/permissions


