
Auth Flow

The browser-facing sign-in round-trip goes through the hivecfm-core Next.js app, which delegates to NextAuth and persists the session identity via Prisma into Postgres before handing back a signed JWT cookie. NextAuth is the auth library HiveCFM Core uses to handle sessions, OAuth providers, and credentials. Prisma is the TypeScript ORM HiveCFM uses to talk to Postgres; the schema lives at packages/database/schema.prisma. The JWT is a compact, signed token that carries identity between services; HiveCFM issues one per authenticated user.

Implementation entry points live at hivecfm-core/apps/web/app/api/auth/[...nextauth]/route.ts and the SAML adapter under hivecfm-core/apps/web/app/api/auth/saml/. SAML is the XML-based enterprise SSO protocol HiveCFM supports for customers using Okta, Azure AD, or similar IdPs.