updated the docs, removed oauth and introduced sanctum pat

Codex Agent
2025-11-07 07:47:25 +01:00
parent 67affd3317
commit 9cc9950b0c
16 changed files with 153 additions and 503 deletions

@@ -13,7 +13,7 @@
- **Wizard API surface** (JSON routes under `/checkout/*`) is session-authenticated, CSRF-protected, and returns structured payloads consumed by the PWA.
- **Webhooks** (Stripe, Paddle) map incoming provider events back to `CheckoutSession` rows to guarantee reconciliation and support 3DS / async capture paths.
- **Feature Flag**: `config/checkout.php` exposes `CHECKOUT_WIZARD_ENABLED` and `CHECKOUT_WIZARD_FLAG` so the SPA flow can be toggled or gradual-rolled out during launch.
- **Operational**: Rotate JWT signing keys with `php artisan oauth:rotate-keys` (updates key folder per KID; remember to bump `OAUTH_JWT_KID`).
- **Operational**: Track Sanctum PAT issuance via `personal_access_tokens` and document forced logout procedures (no OAuth key rotation required anymore).
## Payment State Machine
State constants live on `CheckoutSession` (`status` column, enum):
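Review bot: The new Operational bullet, which replaces the `php artisan oauth:rotate-keys` instruction, tells the reader to "document forced logout procedures" but does not state the procedure, so the runbook loses a concrete command and gains only a to-do. Suggest writing the actual step in this bullet, for example which rows in `personal_access_tokens` are deleted to revoke a user's tokens, and stating what token lifetime or expiry policy now stands in for the removed key rotation. It is also worth confirming that the first bullet's "session-authenticated, CSRF-protected" description of `/checkout/*` still holds after the move to PATs, since this hunk leaves that line unchanged.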