Skip to content

Add cookie-based authentication for web UI with email verification flow#10

Open
Rockford Lhotka (rockfordlhotka) wants to merge 1 commit intomainfrom
feature/web-cookie-auth
Open

Add cookie-based authentication for web UI with email verification flow#10
Rockford Lhotka (rockfordlhotka) wants to merge 1 commit intomainfrom
feature/web-cookie-auth

Conversation

@rockfordlhotka
Copy link
Copy Markdown
Collaborator

@rockfordlhotka Rockford Lhotka (rockfordlhotka) commented Mar 12, 2026

Summary

  • Adds passwordless email verification login for both EstimatorMcp.Web and CatalogEditor
  • Cookie auth (7-day session, non-sliding) handles web UI access
  • Bearer token auth preserved for the /mcp endpoint via named policy
  • Includes PendingSignInService for one-time ticket exchange, EF Core migrations for verification tokens, and Azure Email Service integration

Test plan

  • Navigate to a protected page — should redirect to /account/login
  • Enter email, receive verification link, click it — should sign in and redirect
  • Verify /mcp endpoint still requires Bearer token
  • Verify logout clears session cookie and redirects to home
  • Confirm 7-day cookie expiry (non-sliding)

🤖 Generated with Claude Code

@rockfordlhotka @claude
Add cookie-based authentication for web UI with email verification flow
0de702a 
Implements passwordless email verification login for both EstimatorMcp.Web
and CatalogEditor. Cookie auth (7-day session) handles web UI access while
Bearer token auth is preserved for the /mcp endpoint.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rockfordlhotka