Julien Gautier 092ccb7bda
CI / scan (pull_request) Successful in 3m18s
CI / commits (pull_request) Successful in 3m19s
CI / check (pull_request) Successful in 3m31s
CI / a11y (pull_request) Successful in 2m28s
CI / perf (pull_request) Successful in 6m24s
feat(portal-shell): wire SPA auth state to BFF /me + header login/logout widget
first user-visible piece of the auth track. portal-shell now consumes
the bff auth surface and the header reflects sign-in state.

libs/feature/auth replaces the empty nx scaffold with an AuthService
that:
  - fetches /api/auth/me on first injection (unawaited so the first
    paint isn't blocked behind the round-trip).
  - holds a signal-backed discriminated AuthState — loading /
    anonymous / authenticated / error — so templates switch on .kind
    and the type narrows automatically.
  - exposes currentUser + isLoading computed signals on top.
  - provides login() / logout() / refresh() methods. navigation
    goes through an injected AUTH_NAVIGATOR token whose default
    calls window.location.assign(url) — tests substitute a vi.fn()
    instead of redefining window.location (which jsdom resists
    across multiple specs in the same file).

distinct error state vs. anonymous: a network failure surfaces a
"Can't reach the server" chip; a 401 surfaces the sign-in button.
treating any /me failure as anonymous would silently hide outages.

curated CurrentUser type mirrors the bff's /me response (oid, tid,
username, displayName) — no amr, no internal claims. consumers
import it without pulling in angular http types.

the host wires AUTH_BFF_BASE_URL from environment.ts (per adr-0018)
and AUTH_NAVIGATOR is providedIn:'root' with the window.location
default, so apps don't need to touch it. tsconfig.app.json picks up
the new lib reference via `nx sync`.

header user-widget renders four states with i18n message ids
(header.signIn / header.signOut / header.userMenu.loading /
header.authError). avatar shows the user's initials computed from
displayName ("JD" for "Jane Doe"); display name shows on sm: and
up so the rail stays compact on narrow viewports.

out of scope (next prs):
- route guards
- auto-refresh before idle timeout
- http interceptor that redirects to /auth/login on bff 401s
2026-05-12 20:10:33 +02:00

Documentation index

This is the entry point to all project documentation. It is maintained automatically: any addition, rename, or removal of a .md file under docs/ must be reflected here in the same change.

Conventions

  • Documentation is written in English.
  • One topic per file. Group related files into a folder when there are three or more.
  • Cross-reference with relative links so they keep working in GitHub, IDEs, and exported sites.
  • For architectural decisions, do not add them here — they belong in decisions/ as MADR 4.0.0 ADRs.

Sections

Daily development

  • development.md — repo layout, prerequisites, initial setup, daily commands, observability dev-loop (Jaeger UI, log ↔ trace correlation), dependency updates (Renovate), conventional commit cycle. Day-to-day reference for working on the project.

Architecture

  • architecture.md — cross-cutting Mermaid diagrams: C4 system context, C4 containers, Nx module boundaries, CI/CD pipeline. Single-decision diagrams (auth sequence, ERD, etc.) live inline in their ADR.

Onboarding & environment

Setup guides for new contributors:

Operations & runbooks

Empty — to be populated when we deploy.

Security, performance, accessibility

Empty — placeholders to be filled with rationale docs alongside their corresponding ADRs.

S
Description
No description provided
Readme 42 MiB
Languages
TypeScript 85.3%
JavaScript 5.4%
SCSS 4.3%
HTML 3.9%
Shell 0.8%
Other 0.3%