Skip to main content

Overview

The Trading Analysis Dashboard uses Google OAuth 2.0 for secure authentication. All API endpoints require an authenticated session.

Authentication Flow

1

User visits application

Unauthenticated users are redirected to the login page
2

Click Sign in with Google

User initiates OAuth flow by clicking the Google sign-in button
3

Google authorization

User is redirected to Google to authorize the application
4

Callback

Google redirects back to the application with authorization code
5

Session created

Application exchanges code for tokens and creates a secure session
6

Access granted

User is redirected to the dashboard with an authenticated session

Endpoints

Login Page

GET /auth/login
Displays the login page for unauthenticated users.

Initiate OAuth

GET /login
Redirects user to Google OAuth authorization page.

OAuth Callback

GET /auth/callback
Handles the OAuth callback from Google and creates user session. Query Parameters:
  • code (string): Authorization code from OAuth provider
  • state (string): State parameter for security

Logout

GET /logout
Clears user session and logs out the user.

User Profile

GET /auth/profile
Displays user profile information (requires authentication).

Session Management

  • Sessions are stored server-side using Flask sessions
  • Session cookies are HTTP-only and secure (in production)
  • Sessions expire after a period of inactivity
  • Users must re-authenticate after session expiration

User Authorization

Access is controlled by the AUTHORIZED_USERS environment variable: 
AUTHORIZED_USERS=user1@example.com,user2@example.com,user3@example.com
Only users with email addresses in this list can access the application after authenticating with Google.

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "Authentication required",
  "redirect_to_login": true
}

403 Forbidden

{
  "success": false,
  "error": "Access denied. User not authorized."
}

Security Best Practices

HTTPS Only

Always use HTTPS in production for OAuth callbacks

Secure Sessions

Session cookies are HTTP-only and secure

User Whitelist

Only authorized email addresses can access the application

Token Security

OAuth tokens are never exposed to the client