Integrated Emis Login -

const token = jwt.sign( sub: user.id, role: user.role , process.env.JWT_SECRET, expiresIn: '1h' );

Authorization: Bearer <same_jwt_from_login>

integrated_apps: id app_name (e.g., attendance, grading) app_secret (for service-to-service) redirect_uris (JSON) POST /api/v1/auth/login integrated emis login

Each sub-system (fees, attendance, etc.) validates the same JWT:

res.json( access_token: token, user: id: user.id, role: user.role ); ); const token = jwt

Request:

// Middleware to protect integrated modules function requireAuth(req, res, next) const token = req.headers.authorization?.split(' ')[1]; try const decoded = jwt.verify(token, process.env.JWT_SECRET); req.user = decoded; next(); catch res.status(401).json( error: 'Invalid or expired token' ); const token = jwt.sign( sub: user.id

Response: