Add Authentication Ownership section - Portal/APIv2 responsibilities and explicit non-responsibilities
This commit is contained in:
parent
6e353c381f
commit
bd067ba801
21
UPSTREAMS.md
21
UPSTREAMS.md
@ -1,4 +1,4 @@
|
||||
# Upstreams – zlh-grind
|
||||
# Upstreams — zlh-grind
|
||||
|
||||
This repository tracks GPT execution work across upstream projects.
|
||||
|
||||
@ -24,3 +24,22 @@ This repository tracks GPT execution work across upstream projects.
|
||||
- Repo: `https://git.zerolaghub.com/jester/zlh-agent`
|
||||
- Role: Agent runtime for provisioning/install/verify/start workflows
|
||||
- Notes: Tagged `v0.1.0-dev` as the first dev snapshot.
|
||||
|
||||
---
|
||||
|
||||
## Authentication Ownership
|
||||
|
||||
### Portal
|
||||
- Owns identity UX (login, logout, session handling)
|
||||
- Stores JWT token
|
||||
- Attaches Authorization header to API calls
|
||||
|
||||
### APIv2
|
||||
- Validates credentials
|
||||
- Issues JWT tokens
|
||||
- Verifies tokens for protected routes
|
||||
- Persists user records
|
||||
|
||||
### Explicit Non-Responsibilities
|
||||
- API does not manage frontend sessions
|
||||
- Portal does not validate credentials directly
|
||||
|
||||
Loading…
Reference in New Issue
Block a user