Complete task 4 backend security architecture docs

This commit is contained in:
Siavash Sameni
2026-05-24 11:31:40 +04:00
parent 4cf5c49274
commit 6a451040d9
18 changed files with 1006 additions and 73 deletions

View File

@@ -1,23 +1,23 @@
---
taskmaster_id: "4.5"
status: "pending"
status: "done"
priority: "high"
depends_on: ["2"]
parent_id: "4"
source: "taskmaster"
generated_at: "2026-05-24T07:15:25.199Z"
generated_at: "2026-05-24T07:26:29.052Z"
---
# 4.5 - Decide session, passkey, and admin step-up architecture
- [ ] 4.5 - Decide session, passkey, and admin step-up architecture #taskmaster #priority/high #status/pending ⏫ 🆔 tm-4-5 ⛔ tm-2
- [x] 4.5 - Decide session, passkey, and admin step-up architecture #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-5 ⛔ tm-2
## Metadata
| Field | Value |
| --- | --- |
| Taskmaster ID | 4.5 |
| Status | pending |
| Status | done |
| Priority | high |
| Dependencies | 2 |
| Parent | 4 - Define backend security and refactor strategy from latest audit |
@@ -28,6 +28,8 @@ Choose browser session model and high-risk admin authentication requirements.
## Details
Completed. Produced `09 - Audits/Session and Authentication Architecture Decision.md`.
Decide localStorage versus httpOnly cookies, access/refresh token lifetimes, CSRF strategy, refresh rotation, WebAuthn requirements, OAuth requirements, device/session revocation, and whether payouts/role changes require step-up authentication or two-person approval.
## Verification