[P1][Auth] Login, logout, and password reset flow #34

Open
opened 2026-05-26 01:33:11 +00:00 by ChrisChen · 0 comments
Owner

Overview

Complete authentication UX: login form, secure logout (token revocation), and email-based password reset.

Tasks

  • Login page: email + password, Remember Me (long-lived refresh token)
  • Logout: revoke refresh token server-side, clear client storage
  • Forgot password: send time-limited reset link via SendGrid
  • Password reset page: validate token, set new password
  • Account lockout after 5 failed attempts (ASP.NET Identity built-in)
  • First-time login: force password change prompt

Reference

PLANNING.md Section 7 Phase 1 - Auth tasks

## Overview Complete authentication UX: login form, secure logout (token revocation), and email-based password reset. ## Tasks - [ ] Login page: email + password, Remember Me (long-lived refresh token) - [ ] Logout: revoke refresh token server-side, clear client storage - [ ] Forgot password: send time-limited reset link via SendGrid - [ ] Password reset page: validate token, set new password - [ ] Account lockout after 5 failed attempts (ASP.NET Identity built-in) - [ ] First-time login: force password change prompt ## Reference PLANNING.md Section 7 Phase 1 - Auth tasks
ChrisChen added this to the Phase 1 - MVP milestone 2026-05-26 01:33:11 +00:00
ChrisChen added the module: auth label 2026-05-26 01:33:11 +00:00
Sign in to join this conversation.