makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity
Files
39e27cf516873a4e561d6303738d7ad47054dc29
GearBox/.planning/phases/15-external-authentication/15-DISCUSSION-LOG.md

2.7 KiB
Raw Blame History

Phase 15: External Authentication - Discussion Log

Audit trail only. Do not use as input to planning, research, or execution agents. Decisions are captured in CONTEXT.md — this log preserves the alternatives considered.

Date: 2026-04-04 Phase: 15-external-authentication Areas discussed: Auth Provider Choice, Session Migration Strategy, Login Flow UX, Existing User Migration Mode: --auto --batch (all decisions auto-selected)

Auth Provider Choice

Option Description Selected
Logto Lightweight, purpose-built auth, no Redis, first-class OIDC, simpler deployment
Authentik Full IdP suite, more features but heavier, may need Redis, more complex setup

User's choice: Logto (auto-selected) Notes: Matches project's "no Redis" out-of-scope constraint. Logto is simpler to deploy and maintain for a single-app use case.

Session Migration Strategy

Option Description Selected
Replace with OIDC session management Logto handles sessions, remove users/sessions tables from GearBox
Hybrid — keep GearBox sessions populated from OIDC Validate OIDC on login, create local session for subsequent requests
Token-only — validate OIDC token on every request No local sessions, every request validates against Logto

User's choice: Replace with OIDC session management (auto-selected) Notes: Simplifies the codebase by removing credential management from GearBox entirely. API keys remain as the programmatic access path.

Login Flow UX

Option Description Selected
Redirect to Logto login page Standard OIDC redirect, Logto handles UI for login/register/reset
Embedded login form via Logto SDK Use Logto's SDK to render login inline within GearBox

User's choice: Redirect to Logto login page (auto-selected) Notes: Standard OIDC pattern. More secure, less maintenance — Logto owns the login/registration UX.

Existing User Migration

Option Description Selected
Manual re-registration on Logto User creates account on Logto, migration script links to GearBox data
Automated import from GearBox users table Script creates Logto user from existing credentials

User's choice: Manual re-registration on Logto (auto-selected) Notes: Only one existing user — automation not worth the complexity.

Claude's Discretion

  • Logto SDK choice
  • Token storage mechanism
  • Logto configuration and branding
  • User ID mapping strategy
  • E2E test auth approach

Deferred Ideas

None — discussion stayed within phase scope

Reference in New Issue View Git Blame Copy Permalink