Authentication Flow
We use JWT-based authentication.
- Client sends POST to
/api/loginwith credentials. - Server validates credentials against the PostgreSQL DB.
- Server returns an Access Token (15m expiry) and sets a HttpOnly Refresh Token cookie (7d expiry).