sequenceDiagram
participant Client
participant IDAM
participant GoTrue
participant Redis
Client->>IDAM: POST auth/token (password)
IDAM->>GoTrue: POST /token
GoTrue-->>IDAM: tokens
IDAM->>Redis: SET session_id → {user_id, refresh_ref, expiry}
IDAM-->>Client: tokens (+ Set-Cookie if cookie session)
Client->>IDAM: POST logout (Bearer)
IDAM->>Redis: DEL session_id
IDAM->>GoTrue: POST /logout
IDAM-->>Client: 204
Part of Epic #279
Story 7.3 — Optional session/Redis store
GitHub issue: #286
Epic: Epic 7 — IDAM core implementation
Overview
Add an optional server-side session store (e.g. Redis) for IDAM so sessions can be stored and invalidated server-side. GoTrue is stateless (JWT + refresh); this is an IDAM-layer addition for products that need it.
Diagram: Request path with vs without Redis
flowchart TB Request["Incoming request"] Request --> CheckRedis{"Redis configured?"} CheckRedis -->|Yes| Lookup["Lookup session in Redis"] CheckRedis -->|No| GoTrue["Call GoTrue (stateless)"] Lookup --> Found{"Session found?"} Found -->|Yes| UseSession["Use session metadata"] Found -->|No| GoTrue UseSession --> Handler["Handler logic"] GoTrue --> Handler Handler --> MaybeStore["Optional: store/update session"] MaybeStore --> Redis[(Redis)]Sequence: Login and logout with session store
sequenceDiagram participant Client participant IDAM participant GoTrue participant Redis Client->>IDAM: POST auth/token (password) IDAM->>GoTrue: POST /token GoTrue-->>IDAM: tokens IDAM->>Redis: SET session_id → {user_id, refresh_ref, expiry} IDAM-->>Client: tokens (+ Set-Cookie if cookie session) Client->>IDAM: POST logout (Bearer) IDAM->>Redis: DEL session_id IDAM->>GoTrue: POST /logout IDAM-->>Client: 204Delivery
Acceptance criteria
References