Backlog: Implement authentication
TL;DR
Done (2026-05-17): Auth.js (next-auth v5) with Google OAuth, JWT sessions, MongoDB adapter, middleware + API requireSession. Evergreen pattern: [[Resources/Tech/Auth.js/Auth.js Next.js JWT Google MongoDB adapter pattern|Resources/Tech]]; Lumen file map: [[Projects/lumendev-invoice/context/authjs-implementation|context]]; [[Projects/lumendev-invoice/changelog/2026-05-17-authjs-shipped|changelog]]; app AGENTS.md.
Description
- Problem / user story: Operators need a logged-in boundary; the app previously shipped without packaged auth.
- Context / constraints: Next.js App Router; MongoDB for domain data + Auth adapter collections; detailed env/runbook in app AGENTS.md until docs/ submodule exists.
Acceptance Criteria
- [x] Unauthenticated users cannot read or mutate invoice data (except explicitly public routes if any).
- [x] Session or token story documented; local dev path documented (AGENTS.md, .env.example).
- [ ] Basic regression pass on invoice editor, mark paid, and PDF flows under auth (manual smoke — operator).
Priority
- Priority: p1
- Rationale: Foundational for any non-local deployment.
Dependencies
- Blocks:
- Blocked by:
- Related ADR:
Links
- Project context: [[Projects/lumendev-invoice/context/index]]
- Implementation map: [[Projects/lumendev-invoice/context/authjs-implementation]]
- Changelog: [[Projects/lumendev-invoice/changelog/2026-05-17-authjs-shipped]]
- Ticket / Issue:
Notes
- Origin: inbox capture Lumen Invoice app todos (processed 2026-05-17).
- Provider: Google OAuth; optional GitHub noted in app AGENTS.md.