# AI Session Summary ```yaml session: 2026-07-03-ldap-login-fix project: lagercloud.com/ldap version: 1.2.0 status: ready next: Token revocation on logout previous: 2026-07-01-ldap-migration agent: Cursor branch: feat/jwt-refresh ``` --- ## TL;DR - Tambah endpoint JWT refresh token - Perbaiki 401 loop saat token expired - Update docs API auth --- ## Lanjut dari sini 1. Token revocation on logout 2. Integrasi refresh ke client Super App > Backlog: [todo.md](./todo.md) --- ## Jangan - Jangan simpan refresh token di localStorage (pakai httpOnly cookie) - Jangan revert error code TOKEN_EXPIRED di middleware --- ## Detail ### Bug fix | Bug | Root cause | Fix | Ref | |-----|------------|-----|-----| | 401 loop | Middleware throw unhandled | Return 401 + TOKEN_EXPIRED | [ISS-001](./issues.md) | ### API | Method | Endpoint | Perubahan | |--------|----------|-----------| | POST | `/api/v1/auth/refresh` | Baru | **On-demand:** [../AGENTS.md](../AGENTS.md) | [todo.md](./todo.md) | [api/](./api/)