Admin Login Flow

Understanding the authentication system for Streetkids Matter administrators

What Was Fixed

Database Schema Mismatch

The getUserByOpenId function was trying to fetch all columns, which did not match the actual database schema. We fixed it to explicitly select only the columns that exist: id, openId, name, email, role.

Session Token Creation

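The session token was being created as a base64-encoded JSON string instead of a proper JWT. Base64 is an encoding, not a signature, so the server had no way to tell whether the token's contents had been altered. We updated the testLoginAsAdmin procedure to use the SDK's createSessionToken() method.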
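
The difference between the two token formats, as an added example that is not the project's code. The SDK's createSessionToken() is not shown on this page, so signHS256 and verifyHS256 are hypothetical stand-ins built on Node's crypto module; the secret, the claims and the use of an exp claim are constructed assumptions.

```javascript
// Added example: unsigned base64 JSON token vs. an HS256-signed JWT.
const crypto = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url").toString("utf8");

// "Before": base64-encoded JSON. Nothing ties the content to the server.
function makeUnsignedToken(payload) {
  return b64url(JSON.stringify(payload));
}
function readUnsignedToken(token) {
  return JSON.parse(fromB64url(token)); // accepts whatever the client sends
}

// "After": header.payload.signature, signed with HMAC-SHA256 (HS256).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

function verifyHS256(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header;
  try { header = JSON.parse(fromB64url(head)); } catch { return null; }
  if (!header || header.alg !== "HS256") return null; // pin the algorithm server-side
  const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const parsed = JSON.parse(fromB64url(body)); // only parsed after the signature checks out
  if (typeof parsed.exp !== "number" || parsed.exp <= Math.floor(Date.now() / 1000)) return null;
  return parsed;
}

// Constructed sample data (not from the project).
const SECRET = "constructed-demo-secret";
const claims = { openId: "demo-open-id", role: "user", exp: Math.floor(Date.now() / 1000) + 3600 };

function tamperRole(segment) { // test helper: re-encode a payload with the role changed
  return b64url(JSON.stringify({ ...JSON.parse(fromB64url(segment)), role: "admin" }));
}

const unsignedEdited = tamperRole(makeUnsignedToken(claims));
const jwt = signHS256(claims, SECRET);
const [h, p, s] = jwt.split(".");
const jwtEdited = `${h}.${tamperRole(p)}.${s}`;
```

The edited unsigned token is read back with the changed role and no error, while verifyHS256 returns null for the edited JWT, for a JWT checked against a different secret, and for an expired one.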

Import Path Correction

Fixed the import of getSessionCookieOptions to use the correct module path: ./_core/cookies instead of ./_core/context.

Key Features
  • Secure JWT token creation with HS256 algorithm
  • Proper session cookie management with secure options
  • Role-based access control (RBAC) for admin verification
  • Development-only test login endpoint
  • Automatic user session verification on protected routes