{"id":51319328,"url":"https://github.com/pryv/app-web-user-account","last_synced_at":"2026-07-01T11:03:00.679Z","repository":{"id":367326926,"uuid":"1279240882","full_name":"pryv/app-web-user-account","owner":"pryv","description":"Pryv user-account web app: authentication + self-service account management (reference implementation)","archived":false,"fork":false,"pushed_at":"2026-06-25T13:12:37.000Z","size":163,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-25T15:22:43.271Z","etag":null,"topics":["account-management","authentication","consent","pryv","react"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pryv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-24T13:57:20.000Z","updated_at":"2026-06-25T13:13:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pryv/app-web-user-account","commit_stats":null,"previous_names":["pryv/app-web-user-account"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/pryv/app-web-user-account","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pryv%2Fapp-web-user-account","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pryv%2Fapp-web-user-account/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pryv%2Fapp-web-user-account/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pryv%2Fapp-web-user-account/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pryv","download_url":"https://codeload.github.com/pryv/app-web-user-account/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pryv%2Fapp-web-user-account/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35003464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-01T02:00:05.325Z","response_time":130,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["account-management","authentication","consent","pryv","react"],"created_at":"2026-07-01T11:03:00.040Z","updated_at":"2026-07-01T11:03:00.673Z","avatar_url":"https://github.com/pryv.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# app-web-user-account\n\nWeb app for Pryv **authentication** and **self-service account management**.\n\nIt covers the user-facing flows around a Pryv account:\n\n- **Authentication** — sign-in / authorize, registration, password reset \u0026 change.\n- **MFA challenge** — a multi-factor challenge screen, usable both inside the app\n  and launched standalone (e.g. from a CLI that needs the user to complete MFA).\n- **Account management** (signed-in subject) — profile \u0026 emails, security (MFA,\n  active sessions), connected apps (review scopes, revoke access), and data\n  rights (export, account deletion).\n- **Cross-account approval** — a page to review and approve a request coming from\n  an app that does not hold a personal token.\n\nThis is a **reference implementation**: it is themeable and intended to be\nforked, re-branded, and self-hosted by operators.\n\n## Tech stack\n\n- [React](https://react.dev) + [TypeScript](https://www.typescriptlang.org)\n- [Vite](https://vite.dev) build/dev server\n- [Tailwind CSS](https://tailwindcss.com) for styling\n- [React Router](https://reactrouter.com)\n\n## Theming\n\nBrand tokens (palette, typography, radii) are defined as theme variables in\n[`src/index.css`](src/index.css). Re-brand by overriding the `--color-*` and\n`--font-*` values — no component changes required.\n\n## Develop\n\n```bash\nnpm install\nnpm run dev      # start the dev server\nnpm run build    # type-check + production build\nnpm run preview  # preview the production build\n```\n\n## Back-navigation contract\n\nPages accept `backUrl` + `backLabel` query parameters to render a\n\"← Back to {label}\" link and return the user to the opening app. `backUrl` is\nvalidated against an allowlist of trusted origins to prevent open-redirects.\n\n\u003e Note: `backUrl` is a user-initiated *cancel / go-back* affordance. It is\n\u003e separate from the authentication-completion redirect (`returnURL` /\n\u003e OAuth2 `redirect_uri`), which the auth flow handles on its own.\n\n## Replacing `app-web-auth3` on an operator platform\n\nThis app is the planned successor to the legacy `app-web-auth3`. The two\n**do not share URLs** — every operator that switches updates their platform\nconfiguration to point at the new canonical paths. There is no `.html`-suffix\ncompatibility layer and no `/access/` base-path requirement; deploy where you\nlike, configure your platform to point there.\n\n| What | Legacy `app-web-auth3` path | New `app-web-user-account` path |\n|---|---|---|\n| Sign-in | `/access/signinhub.html`, `/access/signin` | `/signin` |\n| Register | `/access/register.html`, `/access/register` | `/register` |\n| Password reset (request + token modes) | `/access/reset-password.html`, `/access/reset` | `/reset-password` (request) and `/reset-password?resetToken=…` (set new) |\n| Change password (signed-in) | `/access/change-password.html`, `/access/change-password` | `/change-password` |\n| MFA challenge | (handled inline; CLI flow is new) | `/mfa-challenge` |\n| Access-request authorization | `/access/access.html`, `/access/auth` | `/auth` — **route stub today**, real component lands with the OAuth2 consent UI work; until then operators that need this flow keep `app-web-auth3` deployed alongside |\n| OAuth2 authorize | `/access/oauth2-authorize.html`, `/access/oauth2-authorize` | `/oauth2-authorize` — **same stub** as `/auth` above |\n| CMC accept hand-off | `/access/cmc-accept` | `/cmc-accept` (and `/cmc/approve` alias) |\n| CMC scope-update hand-off | `/access/cmc-scope-update` | `/cmc-scope-update` |\n| Self-service account management | (not in app-web-auth3) | `/account/{profile,security,apps,data}` |\n\n### Migration steps (operator-side)\n\n1. **Deploy `app-web-user-account`** at a URL of your choice (Vite produces a\n   static bundle; serve any way you like — gh-pages, S3+CloudFront, nginx).\n2. **Point your platform config** at the new paths:\n   - `auth.authUrl` → `\u003cyour-deploy\u003e/auth` (note: see \"What still needs the\n     legacy app\" below)\n   - `service.access.url` / equivalent → `\u003cyour-deploy\u003e/signin`\n   - any custom email templates that link into the legacy `.html` paths →\n     update the links to the new canonical paths\n3. **Rebrand** by overriding `--color-*` and `--font-*` in\n   [`src/index.css`](src/index.css) or by injecting your own CSS that overrides\n   the same variables. The brand-token contract is documented under\n   [Theming](#theming).\n4. **Sanity-check** with the bundled E2E tests against your deploy:\n   `npm install \u0026\u0026 npm run e2e`.\n\n### What still needs the legacy `app-web-auth3`\n\nThe **access-request authorization flow** (`/auth`) and the **OAuth2 authorize\nendpoint** (`/oauth2-authorize`) are not yet implemented in React in this app —\nthe routes exist and render a placeholder so callers see an explanation, not a\n404. Until the consent UI port lands, operators who need these flows keep\n`app-web-auth3` deployed alongside `app-web-user-account` and point their\n`auth.authUrl` at the legacy host for those two URLs only. All other flows can\nmove to this app today.\n\n## License\n\n[BSD-3-Clause](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpryv%2Fapp-web-user-account","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpryv%2Fapp-web-user-account","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpryv%2Fapp-web-user-account/lists"}