Aladaia — Client SPA
Validates the OIDC code+PKCE flow end-to-end against the
aladaia-client-web client.
Initializing…
Identity
preferred_username—
email—
tenant_id—
groups—
iss—
aud—
sub—
exp—
Access token (parsed)
…
Access token (raw — copy into jwt.io to verify the signature)
…
Call api.aladaia.localhost (slice 3a — through Traefik + forward-auth)
Sends GET https://api.aladaia.localhost/whoami with the bearer JWT.
Traefik calls forward-auth → forward-auth validates the token, resolves
tenant_id → backend, returns 200 + X-Auth-* headers →
api-stub echoes those headers back as JSON.
…