Review documentation
AI-generated drafts — nothing is published until you approve it.
1 awaiting review
Publish approved
Sections
Authentication flow
88% confidenceAuthentication
RepoDocs issues JWT access tokens on login. Include the token in the
Authorization header on every request:
Authorization: Bearer <access_token>
Login flow
POST /auth/loginwithemailandpassword- Receive an
access_token(15 min) and arefresh_token(30 days) - Refresh with
POST /auth/refreshbefore the access token expires
Tokens are signed withJWT_SECRETand verified by theauthmiddleware on every protected route.
# Authentication
-
RepoDocs uses server-side sessions for authentication.
+
RepoDocs issues **JWT access tokens** on login. Include the token
+
in the `Authorization` header on every request.
## Login flow
-
1. POST /login with credentials
+
1. `POST /auth/login` with `email` and `password`
+
2. Receive an `access_token` (15 min) and a `refresh_token` (30 days)
Low confidence on the refresh-token TTL. Verify against app/Services/TokenService.php:51.