Architecture
Components
Supabase Auth
- Purpose: Handles user authentication and session management
- Technology: Supabase Auth service
- Key Functions:
- Email/password verification
- Session token generation
- Password reset functionality
TOTP 2FA System
- Purpose: Mandatory second factor authentication
- Technology: TOTP (Time-based One-Time Password)
- Key Functions:
- Generate 6-digit time-based codes
- Verify codes against user’s authenticator app
- Block access without valid 2FA
Session Management
- Purpose: Maintain secure user sessions
- Technology: JWT tokens with Supabase
- Key Functions:
- Automatic session refresh
- Session timeout handling
- Cross-tab session synchronization
Implementation
Login Process
React form with email/password validation, connects to Supabase Auth API.2FA Verification
TOTP code verification using Supabase’s built-in 2FA, required for all users.Session Storage
JWT tokens stored in browser, automatically refreshed by Supabase client.All users must have 2FA enabled - no exceptions for any role