October 17, 2023
Context: We're professionalizing our front end: design system, component library, tailwindUI.
- what's the vision for how our front end should be structured relative to our API and users? (capturing tasks / ideas)
- what's been done so far?
- what's up next?
- are there open questions?
- dev environment: branch in GitHub auto-deploying
  - has its own environment variables
  - dev FE → dev API
- set a standard for secrets / environments
  - as-needed access
  - don't expose tokens in the front end / repos
  - JWT validated by the API against a secret key in DO
  - refresh tokens prevent access
  - token ⭤ user ID pair
- what about public front end views (no auth)?
  - API can use permissions to prevent access/action (roles)
  - the FE client can use its own
  - logged-in user's credentials would override
- local, dev, prod all use the same methodology
- research OAuth to estimate time / plan more specifically
- set up refresh tokens
- sketch roles/permissions
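Added example, not code from the project: one way the API side of the notes above fits together, with the JWT secret read from the environment (`API_JWT_SECRET` is an assumed variable name) rather than shipped in the FE bundle or repo, and refresh tokens kept server-side as a token ⭤ user ID pair so a session can be revoked. The HS256 verification is written out by hand to show exactly what "validated against a secret key" checks.

```python
import base64, hashlib, hmac, json, os, secrets, time

# Secret lives in the API's environment (DO-style config), never in the FE bundle or repo;
# the fallback is a constructed dev-only placeholder.
SECRET = os.environ.get("API_JWT_SECRET", "constructed-dev-only-secret").encode()
# Opaque refresh token (hashed) -> user id pair, kept server-side so it can be revoked.
REFRESH_STORE: dict = {}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_access_token(user_id: str, ttl: int = 900, now=None) -> str:
    """Short-lived HS256 JWT; the expiry caps the damage of a leaked access token."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": user_id, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_access_token(token: str, now=None):
    """Return the user id when signature and expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":  # refuse alg=none etc.
            return None
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(payload))
    except (ValueError, AttributeError):  # malformed base64 / JSON / wrong part count
        return None
    return claims.get("sub") if claims.get("exp", 0) > now else None

def issue_refresh_token(user_id: str) -> str:
    token = secrets.token_urlsafe(32)
    REFRESH_STORE[hashlib.sha256(token.encode()).hexdigest()] = user_id
    return token

def refresh(refresh_token: str, now=None):
    """Trade a still-registered refresh token for a new access token, else None."""
    user_id = REFRESH_STORE.get(hashlib.sha256(refresh_token.encode()).hexdigest())
    return issue_access_token(user_id, now=now) if user_id else None

def revoke(refresh_token: str) -> None:
    """Dropping the token -> user id pair ends the session at the next refresh."""
    REFRESH_STORE.pop(hashlib.sha256(refresh_token.encode()).hexdigest(), None)
```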