service public active Verified 2026-03-29

Topolo Auth

Central identity, authorization, service registry, and API key authority for the platform.

Documentation Map

What It Is

Central identity, authorization, service registry, and API key authority for the platform.

Central authentication and SSO service for the Topolo platform.

Use Wrangler with the environment defined in [wrangler.toml](/Users/ashes/Projects/topolo/Applications/TopoloAuth/wrangler.toml). Secrets remain in Cloudflare, not in source control.

Architecture

Owners: identity-platform

Source repos: Applications/TopoloAuth

Dependencies: None registered

Repo shape

  • Applications/TopoloAuth/ADMIN_FRONTEND_SESSIONS.md
  • Applications/TopoloAuth/ADMIN_PLATFORM_PERMISSIONS_INTEGRATION.md
  • Applications/TopoloAuth/ADMIN_SERVICE_API.md
  • Applications/TopoloAuth/ADMIN_USER_MANAGEMENT_API.md
  • Applications/TopoloAuth/AUTH_INTEGRATION_GUIDE.md
  • Applications/TopoloAuth/AUTH_ROUTE_SMOKE_MATRIX.md
  • Applications/TopoloAuth/COOKIE_MODE_MIGRATION.md
  • Applications/TopoloAuth/FIRST_PARTY_AUTH_STANDARD.md
  • Applications/TopoloAuth/FRONTEND_PERMISSIONS_INTEGRATION.md
  • Applications/TopoloAuth/OAUTH_SETUP.md
  • Applications/TopoloAuth/ORGANIZATION_SERVICES_API.md
  • Applications/TopoloAuth/PASSKEY_INTEGRATION.md
  • Applications/TopoloAuth/PERMISSION_MODEL.md
  • Applications/TopoloAuth/PRODUCTION_DATABASE_SCHEMA.md
  • Applications/TopoloAuth/README.md
  • Applications/TopoloAuth/REFACTOR_DEMO.md
  • Applications/TopoloAuth/REFACTOR_PLAN.md
  • Applications/TopoloAuth/SECRETS_MIGRATION.md
  • Applications/TopoloAuth/SERVICE_MANAGEMENT_API.md
  • Applications/TopoloAuth/SSO_TOKEN_IMPLEMENTATION.md

Runtime Surfaces

Hosts:

https://auth.topolo.app
topolo-auth-staging

Config: Applications/TopoloAuth/wrangler.toml

Main: src/index.js

Routes: auth-staging.topolo.app, auth.topolo.app

API Reference

Coverage: curated

Source: Applications/TopoloAuth/src/controllers/auth.js

Source exists in repo: yes

Curated Topolo Auth reference supplements controller-backed route behavior.

This system currently relies on a curated or README-derived contract surface instead of a source-controlled OpenAPI spec.

Auth and Permissions

Depends on Topolo Auth: yes

Service IDs:

svc_auth

API key scopes

users.read

View user accounts and profiles

Resource pattern: none

users.write

Create and edit user accounts

Resource pattern: none

users.delete

Delete or suspend user accounts

Resource pattern: none

organizations.read

View organization details

Resource pattern: none

organizations.write

Create and edit organizations

Resource pattern: none

services.read

View registered services

Resource pattern: none

services.write

Manage service registrations

Resource pattern: none

permissions.read

View permission assignments

Resource pattern: none

permissions.write

Manage user permissions

Resource pattern: none

roles.read

View service role bundles

Resource pattern: none

roles.write

Manage service role bundles

Resource pattern: none

sessions.read

View user sessions and access state

Resource pattern: none

sessions.write

Revoke or rotate user sessions

Resource pattern: none

api_keys.read

View machine credentials

Resource pattern: none

api_keys.write

Create or revoke machine credentials

Resource pattern: none

audit.read

View audit logs and security events

Resource pattern: none

Service permissions

users:read, users:write, users:delete, organizations:read, organizations:write, services:read, services:write, permissions:read, permissions:write, roles:read, roles:write, sessions:read, sessions:write, api_keys:read, api_keys:write, audit:read

Data Ownership

d1

Binding: DB

Target: 437aad6b-7e22-4a11-b048-3b1fa32e9b43

Environment: default

Source: Applications/TopoloAuth/wrangler.toml

d1

Binding: DB

Target: 9f2c0e78-738a-41c0-95bf-9968ff369926

Environment: production

Source: Applications/TopoloAuth/wrangler.toml

Queues / Cron / Workflows

Queue bindings:

No queue bindings were detected.

Cron triggers

No cron triggers were detected.

Workflow signals

No explicit queue/workflow script or cron signal was discovered.

Environment Variables and Bindings

Environment variables:

AUTH_ACCESS_TOKEN_TTL_SECONDS AUTH_ALLOW_REFRESH_TOKEN_IN_BODY AUTH_CLIENT_COMPAT_ALLOWLIST AUTH_COOKIE_DOMAIN AUTH_COOKIE_MODE_DEFAULT AUTH_LEGACY_TOKEN_DELIVERY_ENABLED AUTH_REFRESH_COOKIE_NAME AUTH_REFRESH_SKIP_SESSION_CHECK AUTH_REFRESH_TOKEN_TTL_SECONDS AUTH_SESSION_TTL_SECONDS ENVIRONMENT GITHUB_CLIENT_ID

All wrangler bindings

  • DB (d1) -> 437aad6b-7e22-4a11-b048-3b1fa32e9b43
  • DB (d1) -> 9f2c0e78-738a-41c0-95bf-9968ff369926 [production]

Deployments

Deployment environments: production

Routes: auth-staging.topolo.app, auth.topolo.app

Observability enabled: no explicit setting found

Wrangler surfaces

  • Applications/TopoloAuth/wrangler.toml -> topolo-auth-staging

Build and deploy commands

  • deploy — Applications/TopoloAuth/package.json :: wrangler deploy

Failure Modes

No default failure-mode heuristics are currently flagged for this system.

Debugging Runbooks

Start with these entrypoints:

  • Applications/TopoloAuth/wrangler.toml
  • Applications/TopoloAuth/src/controllers/auth.js
  • Applications/TopoloAuth/README.md
  • Applications/TopoloAuth/package.json

Linked runbooks

Change Log / Verification

Lifecycle: active

Last verified: 2026-03-29

Any code change to this system is expected to update the canonical docs in Websites/docs and refresh the verification date.