Skip to content

docs: document session management and OIDC state transfer #5329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

docs: document session management and OIDC state transfer #5329

Copilot wants to merge 3 commits into from
+465 −0

Conversation

Copy link

Copilot AI commented Jan 30, 2026
edited
Loading

Context

Documents the Redis-backed session architecture used for OIDC and OAuth authentication flows. Answers: What handles server sessions? How is organization slug preserved across IDP redirects?

Key points:

  • Sessions: @fastify/session + connect-redis with 10min TTL
  • OIDC flow: orgSlug → Redis session → callback retrieval → config lookup → session destruction
  • Security: session regeneration, cookie signing, HTTPS enforcement, ephemeral state

Files added:

  • backend/docs/SESSION_MANAGEMENT.md - Complete architecture, flows, security model
  • backend/docs/SESSION_QUICK_REFERENCE.md - Quick lookup for common questions
  • backend/docs/README.md - Documentation index

Example from OIDC flow:

// Login: store org slug in Redis session
await req.session.regenerate();
req.session.set("oidcOrgSlug", orgSlug);

// Callback: retrieve slug to fetch org-specific config
const oidcOrgSlug = req.session.get("oidcOrgSlug");
const strategy = await getOrgAuthStrategy(oidcOrgSlug);

// Cleanup: destroy ephemeral session
await req.session.destroy();

Screenshots

N/A

Steps to verify the change

Review documentation in backend/docs/ directory.

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@maidul98
Copy link
Collaborator

maidul98 commented Jan 30, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Copilot AI and others added 2 commits January 30, 2026 22:18
@maidul98
Add comprehensive session management documentation
45ff4dc 
Co-authored-by: maidul98 <9300960+maidul98@users.noreply.github.com>
@maidul98
Fix documentation: clarify typesense typo in quoted code comment
ed19b17 
Co-authored-by: maidul98 <9300960+maidul98@users.noreply.github.com>
Copilot AI changed the title [WIP] Add support for OIDC org slug state transfer docs: document session management and OIDC state transfer Jan 30, 2026
Copilot AI requested a review from maidul98 January 30, 2026 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maidul98 maidul98 Awaiting requested review from maidul98

At least 1 approving review is required to merge this pull request.

Assignees

@maidul98 maidul98

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maidul98