r-dash-azure-ad-deferred-local-auth-v1-stack
Azure AD SSO was initially specified as the auth provider, but this was corrected mid-session: Runwal’s Azure AD work was not complete, so v1 uses local auth only. Stack: argon2id password hashing, mandatory TOTP MFA (pyotp + recovery codes), JWT in HttpOnly+Secure+SameSite=Lax cookies (15m access / 7d refresh), slowapi rate limiting (5/min/IP login), 10-fail lockout, admin-only provisioning. Azure AD SSO interfaces are stubbed in v1 for future wiring, so the dual-mode migration path is preserved.
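How the login throttling, lockout, and cookie settings listed above fit together, as an added sketch that is not the project's code. It uses only the standard library in place of slowapi. Assumed, not from the note: the names `LoginGate` and `session_cookies`, the cookie names, in-memory state, and counting the 10 failures consecutively per username.

```python
import time
from collections import defaultdict, deque
from http.cookies import SimpleCookie

RATE_LIMIT, RATE_WINDOW = 5, 60                    # 5 login attempts / minute / IP
LOCKOUT_THRESHOLD = 10                             # failures before lockout
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600   # 15m access / 7d refresh

class LoginGate:
    """Hypothetical pre-credential gate: per-IP sliding window, then account lockout."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.attempts = defaultdict(deque)   # ip -> timestamps of counted attempts
        self.failures = defaultdict(int)     # username -> consecutive failures (assumed)

    def check(self, ip, username):
        """Return 'rate_limited', 'locked' or 'ok' before the password is examined."""
        now = self.clock()
        window = self.attempts[ip]
        while window and now - window[0] >= RATE_WINDOW:
            window.popleft()                 # drop attempts older than the window
        if len(window) >= RATE_LIMIT:
            return "rate_limited"
        window.append(now)
        if self.failures[username] >= LOCKOUT_THRESHOLD:
            return "locked"                  # holds from any IP until the counter is reset
        return "ok"

    def record(self, username, success):
        """Call after password + TOTP verification; success clears the counter."""
        if success:
            self.failures.pop(username, None)
        else:
            self.failures[username] += 1

def session_cookies(access_jwt, refresh_jwt):
    """Build Set-Cookie values with the flags and lifetimes from the note."""
    jar = SimpleCookie()
    for name, value, ttl in (("access_token", access_jwt, ACCESS_TTL),
                             ("refresh_token", refresh_jwt, REFRESH_TTL)):
        jar[name] = value
        jar[name].update({"httponly": True, "secure": True,
                          "samesite": "Lax", "max-age": ttl, "path": "/"})
    return [morsel.OutputString() for morsel in jar.values()]
```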
Related
- r-dash-auth-amendment-local-auth-v1-azure-ad-sso-deferred
- r-dash-architecture-freeze-checkpoint-2
- claude-desktop-custom-connector-requires-oauth-not-bearer
- desktop-custom-connector-requires-oauth2-dcr-not-bearer
- claude-desktop-oauth-dcr-incompatible-with-bearer-auth
- r-same-azure-ad-sso-deferred-local-auth-v1
- r-same-local-auth-v1-azure-ad-deferred
- r-same-auth-constant-time-generic-errors-required
- azure-ad-sso-deferred-local-auth-migration-path
- argon2id-owasp-2024-config-and-password-policy
- azure-ad-sso-deferred-local-auth-v1-stub-interfaces
- secret-scanner-flags-test-passwords-without-constant-label
- r-same-local-auth-v1-azure-ad-sso-deferred
- r-same-azure-ad-sso-deferred-v1-local-auth-only