The current test deployment of the system only has one (mock) user in the database, and authentication is handled as an external Basic Auth check in nginx.
Having the system be an actual multiuser system, with a proper login interface is necessary for daily use.
Handling this through JWTs in cookies seems like a reasonable option. FastAPI (our backend) is fiercely stateless, so this is the only real officially supported solution. See https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/ (implementation should probably not be exactly like this)
Running an off-the-shelf OAuth provider, for example Authentik might be a nice solution to save some work. We would need a user ID to assign ownership of files, and a name to display on the frontend.
The current test deployment of the system only has one (mock) user in the database, and authentication is handled as an external Basic Auth check in nginx.
Having the system be an actual multiuser system, with a proper login interface is necessary for daily use.
Handling this through JWTs in cookies seems like a reasonable option. FastAPI (our backend) is fiercely stateless, so this is the only real officially supported solution. See https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/ (implementation should probably not be exactly like this)
Running an off-the-shelf OAuth provider, for example Authentik might be a nice solution to save some work. We would need a user ID to assign ownership of files, and a name to display on the frontend.