Skip to content

feat(site): document the WorkOS hosted sign-in (AuthKit) architecture#12

Merged
bryanfawcett merged 1 commit into
mainfrom
claude/mukoko-auth-workos-mfa-m49vfu
Jul 15, 2026
Merged

feat(site): document the WorkOS hosted sign-in (AuthKit) architecture#12
bryanfawcett merged 1 commit into
mainfrom
claude/mukoko-auth-workos-mfa-m49vfu

Conversation

@bryanfawcett

Copy link
Copy Markdown
Contributor

Why

The identity section was an explicit stub. The recent auth work in nyuchi/mukoko-news (#146/#147 — hosted AuthKit switch, MFA fix, cross-app SSO) settled the sign-in doctrine and surfaced hard-won operational lessons worth writing down before they're forgotten. Branch rebuilt from the latest main (on top of the Kweli guides and CLAUDE.md added by other sessions).

What changed

  • New page identity/authkit.mdx ("Hosted sign-in (AuthKit)"):
    • The doctrine: the WorkOS-hosted page is the only sign-in surface (owner correction 2026-07-09), and why — the environment enforces MFA = Required (hosted handles enrolment + challenge natively), and the shared environment-level session is what gives continuous sign-in across every Nyuchi/Mukoko app.
    • The environment layout: one production environment, per-app AuthKit applications with a client table — plus a warning box about the wrong-client-ID misconfig that broke production sign-in on news.mukoko.com.
    • The Next.js integration pattern from the mukoko-news reference implementation: /sign-in funnel with no-loop error card, /auth/login initiate-login endpoint as the only getSignInUrl() call site, hardened /auth/callback, server-side gates.
    • The getSignInUrl() cookie-write pitfall (throws during page render) as a tip box.
    • A per-app configuration checklist, the FastAPI backend variant (mukoko-platform platform-JWT flow), and the org-scoped authorization note.
  • identity/overview.mdx: new "Landed" section linking the page; ticked the hosted-sign-in items off the TODO list; stub caution retained for the rest.
  • astro.config.mjs: sidebar entry added (the sidebar is the source of truth for new pages).

Testing

  • pnpm install && pnpm build — site builds clean, 50 pages, Pagefind index OK.

🤖 Generated with Claude Code

https://claude.ai/code/session_0113jJUqEQnhpqFB3PTh2RfA


Generated by Claude Code

New identity/authkit page: the hosted-page doctrine (owner correction
2026-07-09), why hosted (required MFA handled natively + the shared
environment session that gives continuous sign-in across apps), the
per-app AuthKit application layout with client table, the Next.js
integration pattern from mukoko-news (/sign-in funnel, /auth/login
initiate-login endpoint as the only getSignInUrl call site, hardened
callback, server-side gates), the getSignInUrl cookie-write pitfall,
the per-app configuration checklist (including the wrong-client-id
misconfig that broke production), the FastAPI backend variant, and the
org-scoped authorization note. Identity overview updated to link it;
sidebar entry added.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0113jJUqEQnhpqFB3PTh2RfA
@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
shamwari-docs-ai 1904ee2 Commit Preview URL

Branch Preview URL
Jul 15 2026, 07:15 PM

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
nyuchi-docs 1904ee2 Commit Preview URL

Branch Preview URL
Jul 15 2026, 07:16 PM

@bryanfawcett
bryanfawcett marked this pull request as ready for review July 15, 2026 19:23

@claude claude Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Code review skipped — your organization's overage spend limit has been reached.

Code review is billed via overage credits. To resume reviews, an organization admin can raise the monthly limit at claude.ai/admin-settings/claude-code.

Once credits are available, push a new commit or reopen this pull request to trigger a review.

@bryanfawcett
bryanfawcett merged commit 70e4307 into main Jul 15, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants