Grenmet Shared Auth
FastAPI session-backed
One login surface for every Grenmet web app.
The browser only keeps an opaque session secret in an HttpOnly cookie. FastAPI stays authoritative for sign-in, token exchange, rotation, and logout.
Cookie Model
Shared session cookie owned by the auth app, not a browser-readable JWT.
Authority
FastAPI issues and revokes sessions, and mints short-lived access tokens on demand.
Flow
Sign in here once, then redirect back into the app that requested auth.
Sign in
Authenticate once, then move back into the app.
Use this page as the central login entry point for Grenmet web apps.
Allowed absolute return destinations are controlled by the AUTH_ALLOWED_RETURN_HOSTS env var. Relative paths are always allowed.
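A sketch of the return-destination check described above, as an added example and not Grenmet's own code. It assumes AUTH_ALLOWED_RETURN_HOSTS holds a comma-separated list of hostnames and that a "relative path" means a value starting with a single "/"; the function names and the `.example` hostnames in the test values are hypothetical.

```python
import os
from urllib.parse import urlsplit

def parse_allowed_hosts(raw):
    # Assumed format: comma-separated hostnames, e.g. "app.example,admin.example"
    return {h.strip().lower() for h in raw.split(",") if h.strip()}

def allowed_hosts_from_env():
    return parse_allowed_hosts(os.environ.get("AUTH_ALLOWED_RETURN_HOSTS", ""))

def safe_return_target(target, allowed_hosts, default="/"):
    """Return `target` if it is an acceptable post-login destination, else `default`."""
    if not target or target != target.strip():
        return default
    # Browsers read "\" as "/" and drop tabs/newlines inside URLs, so a value
    # containing either can parse differently here than in the browser.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    if target.startswith("/"):
        # "//host/path" is scheme-relative (leaves the site), not a local path.
        return default if target.startswith("//") else target
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. malformed bracketed IPv6 literal
        return default
    if parts.scheme not in ("http", "https"):
        return default
    # Exact host match only: no suffix or substring matching; port is ignored.
    return target if host in allowed_hosts else default
```

Because relative paths skip the host allowlist, the scheme-relative and backslash checks are what keep "always allowed" from becoming an open redirect.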