Skip to content

SSO: Login/Logout#4747

Draft
louispt1 wants to merge 2 commits into
masterfrom
sso
Draft

SSO: Login/Logout#4747
louispt1 wants to merge 2 commits into
masterfrom
sso

Conversation

@louispt1

@louispt1 louispt1 commented Jul 6, 2026

Copy link
Copy Markdown
Member

Context

Adopt shared JWT session cookie for authentication, retire per-app OAuth session

Mirrors etengine changes:

  • Replaced the local acess-token/session-based sign-in with the domain-wide etm_session cookie minted by MyETM.
  • current_user resolves via User.from_jwt! against the cookie claims
  • ETModel::Tokens is replaced with Identity::TokenDecoder (unified logic in the identity gem). Other superceded methods also retired or unified into the gem for etengine and etmodel
  • Adds session_access_token/session_access_token_expires_at helpers so my_etm_client/engine_client and the front-end can use the cookie's bearer token and know when to refresh, and app.coffee gains client-side refresh scheduling against that expiry.

Related - Goes with the other SSO: Login/Logout PRs:

identity rails
etengine
etmodel
myetm
collections
ETLauncher

Checklist

  • I have tested these changes --> NOTE: These changes were tested on the ETLauncher bridge network. Testing the federated cookie setup on the standard dev setup will not work because cookies cannot be federated across localhost as a domain
  • I have updated documentation as needed (comments only)
  • I have tagged the relevant people for review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant