The admin SPA's useAuth hook probes /auth/refresh on mount and calls /auth/logout on sign-out, but both were dropped in the per-feature → monolith consolidation (they lived in the old @features/admin backend), so every page load bounced back to SSO. Convert authSurface into createAuthSurface(opts) and mount it before the /admin/* SSO guard: /refresh runs ssoRequired (401 on missing/invalid cookie, 200 otherwise) and /logout expires the session cookie via clearSessionCookie (idempotent 200). |
||
|---|---|---|
| .. | ||
| @features | ||
| @packages | ||
| config.yaml | ||
| package.json | ||
| tsconfig.base.json | ||