Authentication

Summary

Password-based login with Bearer tokens. The login form is a standard ScreenContract rendered by the same card renderer used for everything else.

User-facing behavior

First launch (no stored token)

  1. Client tries to load the main menu
  2. Server returns 401 Unauthorized
  3. Client fetches the login screen (GET /auth/login)
  4. Server returns a Card with username and password fields
  5. User fills fields and presses Enter
  6. Client submits credentials (POST /auth/login)
  7. Server returns a token and the main menu
  8. Client stores the token and renders the menu

Subsequent launch (stored token)

  1. Client loads the stored token
  2. Client fetches the main menu with the token
  3. Server returns the menu

Token expired mid-session

  1. Any request returns 401 Unauthorized
  2. Client clears the token and screen stack
  3. Client redirects to the login screen

Logout

The quit modal (when authenticated) offers a "Log Out" option that clears the token and returns to the login screen.
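
The client-side handling of the flows above, modelled in memory as an added example (not the project's own code). The menu route `/menu`, the response field names, the `FakeServer` and `Client` classes, and the demo credentials are assumptions made for illustration; only `GET /auth/login`, `POST /auth/login`, the Bearer scheme, and the 401 behavior come from this page.

```python
import secrets

MENU_PATH = "/menu"  # hypothetical route; the page does not name it

class FakeServer:
    """Constructed stand-in: issues opaque tokens and checks Bearer headers."""
    def __init__(self):
        self.valid = set()

    def handle(self, method, path, headers=None, body=None):
        if (method, path) == ("GET", "/auth/login"):
            return 200, {"card": ["username", "password"]}
        if (method, path) == ("POST", "/auth/login"):
            if body != {"username": "demo", "password": "constructed-pw"}:
                return 401, {}
            token = secrets.token_urlsafe(32)
            self.valid.add(token)
            return 200, {"token": token, "screen": "main-menu"}
        auth = (headers or {}).get("Authorization", "")
        if auth.startswith("Bearer ") and auth[7:] in self.valid:
            return 200, {"screen": "main-menu"}
        return 401, {}

class Client:
    def __init__(self, server, token=None):
        self.server, self.token, self.stack = server, token, []

    def show_login(self):
        # Drop the token and the whole screen stack before rendering the login Card.
        self.token = None
        self.stack = [self.server.handle("GET", "/auth/login")[1]["card"]]

    logout = show_login  # "Log Out" in the quit modal takes the same path

    def request(self, method, path, body=None):
        headers = {"Authorization": f"Bearer {self.token}"} if self.token else {}
        status, data = self.server.handle(method, path, headers, body)
        if status == 401:  # any 401, at launch or mid-session
            self.show_login()
        return status, data

    def launch(self):
        status, data = self.request("GET", MENU_PATH)
        if status == 200:
            self.stack = [data["screen"]]
        return status

    def login(self, username, password):
        creds = {"username": username, "password": password}
        status, data = self.request("POST", "/auth/login", creds)
        if status == 200:
            self.token, self.stack = data["token"], [data["screen"]]
        return status
```

Routing every request through one `request` method keeps the 401 handling in a single place, so no screen can keep using a stale token after the server has rejected it.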