Portal — context index

Vault path alias: Projects/anabatic-sso/ (hub [[Projects/anabatic-sso/anabatic-sso]]).

TL;DR

Vault-side narrative for Portal (single sign-on) within Anabatic internal apps ([[Areas/Anabatic/Anabatic]]). Other stacks or SSO systems elsewhere are not covered—see [[Areas/Anabatic/Tech stack]]. How internal apps delegate login, how cookies establish trust with APIs, and how RBAC / menus stay consistent. Technical env URLs and repo paths should be added when confirmed.

Stack (summary)

• Group defaults: [[Areas/Anabatic/Tech stack]]
• Auth transport: browser cookies between portal/IdP, Angular apps, and NestJS APIs (exact routes and header conventions — to document).

Sections to add

• Auth flow — step-by-step from user hit to authenticated API call.
• Menu system — where menu JSON/trees come from and how they align with product routes.
• RBAC — role sources, assignment surfaces, API enforcement vs UI gating.
• New app onboarding — Portal/IdP registration, callback URLs per environment, cookie domain rules, required middleware.

Related

• [[Projects/anabatic-sso/anabatic-sso]]
• [[Areas/Anabatic/Tech stack]]