Fixed up the expiry of auth cookies for the BEFFE

docs/design-principles/0110-back-end-for-front-end.md

@@ -242,9 +242,75 @@ At present, the BEFFE is not keeping track of past generated values against requ
 
 ### API calls from JavaScript
 
-All API calls will be proxied through the Reverse Proxy in the BEFFE (to the Backend API).
+All API calls from the JS app should append the path `/api/` to the base URL for the BEFFE server, for example: `GET https://localhost:5101/api/profiles/me`.
 
-After the user is authenticated, those proxied calls will include the JWT `access_token` in an `Authorization` header, extracted from the `auth-tok` cookie.
+> All API calls to that prefix (except for any APIs defined on the BEFFE) will be automatically proxied through the Reverse Proxy to the Backend API. Any API calls to any other paths (other than `/api/` will terminate at the BEFFE itself.
+
+
+
+To determine the currently authenticated user, issue the API call: `GET /api/profiles/me`.
+
+This will return (at least) the following data for an authenticated user:
+
+```json
+{
+    "profile": {
+        "features": [
+            "platform_paidtrial_features",
+            "platform_basic_features"
+        ],
+        "isAuthenticated": true,
+        "roles": [
+            "platform_standard"
+        ],
+        "defaultOrganizationId": "org_NNE1A89PUW4HjDBSzmGg",
+        "address": {
+            "city": "",
+            "countryCode": "USA",
+            "line1": "",
+            "line2": "",
+            "line3": "",
+            "state": "",
+            "zip": ""
+        },
+        "displayName": "afirstname",
+        "emailAddress": "[email protected]",
+        "name": {
+            "firstName": "afirstname",
+            "lastName": "alastname"
+        },
+        "timezone": "Pacific/Auckland",
+        "userId": "user_t6VmQhfvQkk6qGWVeQNgA",
+        "id": "profile_jmaEqNS6RUTaEwhCe1SMQ"
+    }
+}	
+```
+
+This will return the following data for an un-authenticated user:
+
+```json
+{
+  "profile": {
+    "features": [],
+    "roles": [],
+    "address": {
+      "countryCode": "USA"
+    },
+    "displayName": "xxx_anonymous0000000000000",
+    "name": {
+      "firstName": "xxx_anonymous0000000000000"
+    },
+    "userId": "xxx_anonymous0000000000000",
+    "id": "xxx_anonymous0000000000000"
+  }
+}
+```
+
+> Note: the property `isAuthenticated` is missing from the response, which implies that its value is `false`
+
+
+
+Once a user is authenticated, all forwarded calls to the backend will include the JWT `access_token` in an `Authorization` header, extracted from the `auth-tok` cookie (by the reverse proxy).
 
 It is possible that subsequent calls to the Backend API will eventually respond with `HTTP 401 - Unauthorized` response, once the token has expired (or been revoked). This response will get proxied back to the JS app.
 

src/SaaStack.sln.DotSettings

@@ -422,6 +422,7 @@
 	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpKeepExistingMigration/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpPlaceEmbeddedOnSameLineMigration/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpUseContinuousIndentInsideBracesMigration/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002EMemberReordering_002EMigrations_002ECSharpFileLayoutPatternRemoveIsAttributeUpgrade/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EMigrateBlankLinesAroundFieldToBlankLinesAroundProperty/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EPredefinedNamingRulesToUserRulesUpgrade/@EntryIndexedValue">True</s:Boolean>
 	<s:Int64 x:Key="/Default/Environment/UnitTesting/ParallelProcessesCount/@EntryValue">10</s:Int64>

src/WebsiteHost/Api/AuthN/AuthenticationApi.cs

@@ -101,6 +101,9 @@ private static CookieOptions GetCookieOptions(DateTime? expires)
             SameSite = SameSiteMode.Lax,
             Expires = expires.HasValue
                 ? new DateTimeOffset(expires.Value)
+                : null,
+            MaxAge = expires.HasValue
+                ? expires.Value.Subtract(DateTime.UtcNow)
                 : null
         };
 

src/WebsiteHost/wwwroot/index.html

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-    <meta charset="UTF-8">
+    <meta charset="UTF-8"/>
     <meta content="SaaStack" name="description"/>
     <meta content="%%CSRFTOKEN%%" name="%%CSRFFIELDNAME%%"/>
     <title>SaaStack</title>