Appearance
Authentication
Login, session management, password reset, and security features.
Flow Overview
1. Login
| Route | /login |
| Layout | LoginLayout |
- Email and password input
- Remember Me option:
- Off → 30-minute session
- On → 7-day session
- 2FA/OTP verification (if user has it enabled)
- On success → JWT token stored, redirect to dashboard
Session & Token Management
- JWT token-based authentication
- Auto-refresh every 5 minutes (silent background refresh)
- On refresh failure → automatic logout
- Token stored in
localStorage
2. Forgot Password
| Route | /forgot-password |
| Layout | LoginLayout |
- User enters registered email
- System sends password reset link via email
- Success confirms email sent
- Link redirects to password reset page
3. Reset Password (Authenticated)
| Route | /settings/reset-password |
| Layout | MainLayout (authenticated) |
- Current password verification
- New password with strength meter (min 8 chars, upper, lower, number, special)
- Confirmation field
- Auto-logout after change — user must re-login with new password
4. Security Features
| Feature | Description |
|---|---|
| JWT Tokens | Short-lived tokens with silent refresh |
| OTP Verification | Required for sensitive operations (withdrawal, contract signing, registration) |
| 2FA Support | Optional two-factor authentication via OTP |
| Session Tracking | Active sessions visible in settings |
| 403 Interceptor | Global handler for forbidden access — redirects to login |
Next: Dashboard →