EPIC: Authentication & Session Management (JWT + Refresh) #2065
Description
Overview
Implement secure JWT-based authentication with refresh tokens to enable seamless user sessions, protect APIs, and support safe login, refresh, and logout across devices using industry best practices.
Action Items
- Login #2066
- Access protected API with JWT #2067
- Refresh access token (silent) #2068
- Refresh token rotation #2071
- Logout (single device) #2072
- Logout all devices #2073
- Session management per device #2074
- CSRF protection for cookie-based refresh #2075
- Error handling and UX #2076
- Observability & audit #2077
Resources/Instructions
Login Flow :
mermaid script: loginflow.md
