UC-01: Auth and Session Lifecycle

Role-gated control-plane steps are intentionally excluded from this public guide; use support escalation when those operations are required.

Shared company context: Gharart.com Company Context

Need operator help? Escalate through Troubleshooting and Support with request IDs and repro artifacts.

Developer Outcome

Ship auth and session lifecycle for Gharart.com with reproducible API steps, operational limits, and clear debugging playbooks.

Prerequisites

  • A valid handle and environment access for Gharart.com.
  • JWT and/or PAT credentials with required scope for this use case.
  • Access to logs, support escalation endpoints, and test workspace.

Gharart Scenario

Holiday campaign onboarding and team login hardening.

Persona: Growth engineer

Business goal: Enable secure account setup and token refresh for Gharart's seasonal campaign team.

Step-by-Step Flow (UI + API)

  1. Open the relevant Gharart workflow in the dashboard and confirm actor role access.
  2. Execute route calls in sequence for this use case and capture response IDs.
  3. Validate expected state in UI and API after each step before moving forward.
  4. Record artifacts (request ID, run ID, deployment ID, slug, or token) for support handoff.

Primary API Routes

Method  Path
GET     /.well-known/oauth-authorization-server
GET     /oauth/authorize
GET     /v2/auth/me
POST    /oauth/authorize/decision
POST    /oauth/register
POST    /oauth/token
POST    /v2/auth/login
POST    /v2/auth/logout
POST    /v2/auth/password/forgot
POST    /v2/auth/password/forgot/confirm
POST    /v2/auth/refresh
POST    /v2/auth/signup

Limits and Quotas

  • Respect per-route throttles and daily write limits before bulk operations.
  • Use idempotency-safe retries for write endpoints to avoid duplicate business actions.
  • Schedule high-volume workflows outside peak campaign windows where possible.

Where This Breaks

  • Signup confirmation codes expiring during bulk teammate onboarding.
  • Refresh token failures after long-lived dashboard sessions.
  • Misconfigured OAuth client redirect causing an authorize loop.

How Gharart Debugs It

  1. Confirm /v2/auth/login returns a JWT with the expected exp window.
  2. Validate the /v2/auth/refresh response and expiry rotation.
  3. Inspect the OAuth authorize callback parameters for an exact redirect URI match.
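
The three checks above can be scripted for offline triage. The following is an added example, not code from this guide or from the platform. It assumes the token is a compact JWT with a numeric exp claim; the function names, the TTL window, the claim values and the example.test URIs are all constructed for illustration.

```python
import base64, json
from urllib.parse import urlsplit

def jwt_claims(token):
    """Decode a compact JWT payload for inspection. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def exp_status(token, now, min_ttl, max_ttl):
    """Classify remaining lifetime against an expected window (seconds, assumed values)."""
    exp = jwt_claims(token).get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool):
        return "no-exp"
    ttl = exp - now
    if ttl <= 0:
        return "expired"
    return "ok" if min_ttl <= ttl <= max_ttl else "outside-window"

def rotation_status(before, after):
    """After a refresh, the new token should differ and carry a later exp."""
    if before == after:
        return "not-rotated"
    old, new = jwt_claims(before).get("exp"), jwt_claims(after).get("exp")
    if old is None or new is None:
        return "no-exp"
    return "ok" if new > old else "exp-not-advanced"

def redirect_diff(registered, sent):
    """Exact string equality is the pass condition; on failure, name the parts that differ."""
    if registered == sent:
        return []
    a, b = urlsplit(registered), urlsplit(sent)
    fields = ("scheme", "netloc", "path", "query", "fragment")
    diff = [f for f in fields if getattr(a, f) != getattr(b, f)]
    return diff or ["case-or-encoding"]  # differs only in ways urlsplit normalizes

def sample_jwt(claims):
    """Build a constructed token with a dummy signature, for offline testing only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    login = sample_jwt({"sub": "demo", "exp": now + 900})
    refreshed = sample_jwt({"sub": "demo", "exp": now + 1800})
    print(exp_status(login, now, 300, 3600), rotation_status(login, refreshed),
          redirect_diff("https://app.example.test/cb", "https://app.example.test/cb/"))
```

A trailing slash or scheme-case difference shows up in redirect_diff even though both URIs resolve to the same page, which is the usual shape of an authorize loop caused by a redirect mismatch.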

Escalation

Use the end-user escalation path:

  • Submit POST /v2/support/report.
  • Include summary and details, and, when available, handle, sessionId, requestId, and reproArtifact.

Audience boundaries:

  • POST /v2/operator/escalations is an internal operator workflow and not an end-user escalation action.
  • POST /v2/public/content-report is for public abuse moderation reports, not product incident escalation.