sequenceDiagram participant C as Client participant GC as geonet-console participant AD as Active Directory (10.100.1.40) participant JWT as LdapJwtService C->>GC: POST /api/v1/auth/login {username, password} GC->>AD: LDAP bind AD-->>GC: bind result alt gagal GC-->>C: 401 Unauthorized end GC->>JWT: generate JWT {username, groups, exp} JWT-->>GC: signed token GC-->>C: 200 {token, expires_at} Note over C,GC: Subsequent requests C->>GC: GET /api/v1/* Bearer token GC->>GC: ApiAuthService::resolve(token) GC-->>C: Response