Backend-owned sessions
FastAPI owns login, cookies, and account creation. The public Next.js surface reads the access mode and submits to backend routes.
- HttpOnly session cookies
- Same-origin API calls
- No frontend-only accounts
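The backend-owned session described above, as an added illustration that is not TAO's own code: the login route signs a session token, returns it in an HttpOnly cookie the browser attaches to same-origin API calls, and every request re-verifies it server-side. The cookie name `tao_session`, the eight-hour lifetime and the in-memory key are assumptions.

```python
# Added example (not TAO's code): framework-independent session helpers that a
# FastAPI login route and an auth dependency would call. The token is
# base64(json payload) + "." + HMAC-SHA256 over that base64 string.
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

SECRET_KEY = secrets.token_bytes(32)  # constructed; load from config in practice
SESSION_TTL = 60 * 60 * 8             # assumed policy: eight-hour sessions
COOKIE_NAME = "tao_session"           # assumed cookie name

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_session(user_id: str, now: Optional[float] = None) -> str:
    """Create a signed, expiring session token after a successful login."""
    now = time.time() if now is None else now
    body = json.dumps({"sid": secrets.token_hex(16), "uid": user_id,
                       "exp": int(now + SESSION_TTL)}).encode()
    b64 = base64.urlsafe_b64encode(body).decode()
    return f"{b64}.{_sign(b64.encode())}"

def verify_session(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id for a valid, unexpired token; None otherwise."""
    now = time.time() if now is None else now
    try:
        b64, sig = token.rsplit(".", 1)
    except ValueError:
        return None                      # no signature separator at all
    if not hmac.compare_digest(sig, _sign(b64.encode())):
        return None                      # tampered or foreign token
    try:
        data = json.loads(base64.urlsafe_b64decode(b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if data.get("exp", 0) <= now:
        return None                      # expired
    return data.get("uid")

def session_set_cookie(token: str) -> str:
    """Set-Cookie value the login route returns. HttpOnly keeps the token out
    of page scripts; Secure and SameSite=Lax bound it to HTTPS same-site use."""
    return (f"{COOKIE_NAME}={token}; Path=/; Max-Age={SESSION_TTL}; "
            "HttpOnly; Secure; SameSite=Lax")
```

A FastAPI handler would pass `session_set_cookie(...)` through the response headers (or the equivalent `response.set_cookie` arguments) and the auth dependency would read the cookie and call `verify_session`.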

Security and control
TAO connects operational apps with clear permission boundaries. Public access remains invite-only by default, and provider access is separated from identity login unless a reviewed OIDC flow exists.
Operators can keep the product invite-only, review applicants, and convert the right applicants into real organisations.
Google, Microsoft, Xero, Current RMS, and future provider connections need public policy pages, least-privilege scopes, and exact consent-screen alignment before broad rollout.