Corpointa ships with two authentication modes: a built-in JWT flow that talks directly to the Corpointa backend, and an optional Clerk integration activated by a single environment variable. Both modes share the sameDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/EricMartinez758/corpointa-frontend/llms.txt
Use this file to discover all available pages before exploring further.
_authenticated route guard and the same SessionWarning component — the difference is entirely in how credentials are collected and how the initial token is obtained.
Built-in JWT Auth
Sign-In Request
The sign-in form collects acedula (national ID) and contraseña (password) and posts them to POST /auth/login:
token alongside the authenticated user’s profile.
Token & User Storage
After a successful login the application writes both values to cookies viauseAuthStore:
- The raw JWT string is JSON-serialised and stored in the
thisisjustarandomstringcookie. - The user object is JSON-serialised and stored in the
user_datacookie. - Both cookies are read back at application startup so sessions survive a full-page reload.
useAuthStore Interface
useAuthStore is a Zustand store. Access it in React components with the standard selector pattern:useAuthStore.getState().auth.Request Interceptor
The sharedapiClient in src/lib/api-client.ts attaches the JWT to every outgoing request automatically. On each request it reads the thisisjustarandomstring cookie, JSON-parses the value, and sets the Authorization header:
Authorization header — the interceptor handles it transparently for every request made through apiClient.
Token Expiry & Refresh
Token lifecycle is managed through helpers insrc/lib/token-utils.ts:
| Helper | Description |
|---|---|
getTokenExp(token) | Decodes the JWT payload and returns the exp claim in milliseconds |
getTokenRemainingTime(token) | Returns milliseconds until expiry (0 when expired) |
isTokenExpiringSoon(token, thresholdMs) | Returns true when expiry is within the threshold window (default 2 minutes) |
hasTokenExpired(token) | Returns true when the token is past its exp timestamp |
SessionWarning component prompts the user to extend their session by calling POST /auth/refresh-token:
auth.setAccessToken(), which writes it to the cookie and updates tokenExp.
Global 401 Handling
AQueryCache.onError handler in src/main.tsx intercepts every 401 response from TanStack Query and triggers a full sign-out, then redirects to the sign-in page with the current URL as the redirect search param so the user lands back in the right place after re-authenticating:
Clerk Auth (Optional)
Corpointa includes a parallel Clerk-powered auth path for organisations that prefer a hosted identity provider.Install the Clerk SDK
The
@clerk/react package is already listed as a dependency. No additional installation is needed.Set the publishable key
Add your Clerk publishable key to The presence of this variable activates the Clerk code paths at runtime.
.env:Protected Routes
All application pages (dashboard, inventory modules, admin screens) are nested under the_authenticated layout route. The route’s beforeLoad hook runs before any child component renders:
Unauthenticated redirect
If
auth.user is null when the route loads, the user is immediately redirected to /sign-in-2. The current URL is passed as the redirect search param so the sign-in page can return the user to their intended destination.Session warning
AuthenticatedLayout renders <SessionWarning /> alongside the page content. This component monitors tokenExp and displays a countdown dialog when fewer than 2 minutes remain, giving the user the opportunity to refresh before their session expires.