[Backoffice] Admin Login Page
Overview
The admin login page is the entry point for administrators to access the backoffice dashboard. It is a separate authentication system from the client login.
Access: Public (anyone can visit), but requires admin credentials to proceed
Purpose: Secure authentication for administrators to manage platform operations
Next Step: After successful login → Admin Backoffice Dashboard
Page Purpose
- Provide secure authentication for administrators
- Separate admin access from client access
- Prevent unauthorized access to backoffice features
- Support admin role verification
Access Levels:
- 🌐 View Login Page: Public (no authentication)
- 🔒 Access Backoffice: Admin credentials required
This login is exclusively for platform administrators. Regular users (clients) should use the Client Login on the frontoffice.
🎨 Live Preview (Design/UI)
Mockup contents: lock icon; "Admin Login" title; "Backoffice Access" subtitle; notice "Admin credentials only. Contact IT support if you need access."; "MicDots Admin Portal" branding; link "Need client access? Go to Client Login".
API Endpoints
This page uses the following API endpoint:
Admin Login
Endpoint: POST /login
Authentication: None required (public endpoint for login)
Role Required: After authentication, user must have admin role
Description: Authenticates administrators using the same login endpoint as clients. The backend validates credentials and returns user data with the appropriate role assignment.
Admin and client login use the same authentication endpoint (POST /login). The system differentiates users based on their assigned role in the database. Admins receive roles: ["admin"] in the response, while clients receive roles: ["client"].
Required Fields:
- email: string. Admin email address.
- password: string. Admin password (minimum 8 characters).
Response: Returns access token and refresh token with roles: ["admin"]. User is redirected to Admin Backoffice Dashboard.
🎨 Page Elements (Design/UI)
Header
- Admin lock icon with gradient
- "Admin Login" title
- "Backoffice Access" subtitle
- Centered layout
Login Form Card
- Email input field
- Password input field
- "Sign In" button
- Security notice banner
Footer
- Portal branding
- Link to client login for non-admin users
Authentication Flow
- Admin visits admin login page
- Admin enters email and password
- System validates credentials
- System checks admin role assignment
- System generates JWT access and refresh tokens
- System redirects to Admin Backoffice Dashboard
- Admin can access all backoffice features
Security Considerations
Admin Role Verification
- User must have admin role in database
- Role is checked on every API request
- Invalid role returns 403 Forbidden
Password Requirements
Same as client login:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one digit
- At least one special character
Account Management
Administrators cannot create their own accounts. Admin accounts must be created by existing administrators or by database migration.
Admin Account Creation:
- Created by super admin or database seeding
- Email and password set during creation
- Must be assigned admin role explicitly
Password Reset:
- Admins contact IT support for password resets
- No self-service password reset in MVP 1
- Password reset handled manually
Error Handling
Invalid Credentials (401)
Error Response:
{
  "success": false,
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid email or password."
  }
}
Insufficient Permissions (403)
When the user has valid credentials but not the admin role:
{
  "success": false,
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Access denied. Admin role required."
  }
}
Account Locked (403)
{
  "success": false,
  "error": {
    "code": "ACCOUNT_LOCKED",
    "message": "Your account has been locked. Contact IT support."
  }
}
Technical Notes
Session Management
- Method: JWT token-based authentication
- Token Storage: HttpOnly cookies (secure)
- Token Expiration: 15 minutes (access token), 7 days (refresh token)
- Auto-refresh: Refresh token automatically renews access token
Access Control
- All backoffice routes require admin role
- Token validated on every API request
- Expired tokens trigger automatic logout
- Failed role checks return 403 Forbidden
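Added example (not the project's own code) of the Authentication Flow and Access Control rules above: it issues the 15-minute access / 7-day refresh JWT pair at login, verifies signature and expiry on every request, and returns the page's 403 body when the admin role is missing. The HS256 secret, user ids and the 401 error code are constructed assumptions; a real deployment would read the access token from the HttpOnly cookie.

```python
import base64, hashlib, hmac, json

ACCESS_TTL = 15 * 60          # access token lifetime: 15 minutes (from the spec)
REFRESH_TTL = 7 * 24 * 3600   # refresh token lifetime: 7 days (from the spec)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Minimal HS256 JWT: header.payload.signature, standard library only."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_jwt(token: str, secret: bytes, now: int):
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):  # constant-time comparison
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    return claims if claims.get("exp", 0) > now else None

def issue_tokens(user_id: str, roles: list, secret: bytes, now: int) -> dict:
    """Login response: access token carries roles; refresh token only identifies the user."""
    access = sign_jwt({"sub": user_id, "roles": roles, "exp": now + ACCESS_TTL}, secret)
    refresh = sign_jwt({"sub": user_id, "typ": "refresh", "exp": now + REFRESH_TTL}, secret)
    return {"access_token": access, "refresh_token": refresh, "roles": roles}

def authorize_backoffice(access_token, secret: bytes, now: int):
    """Per-request gate for backoffice routes: (401, body) without a valid token,
    (403, body) without the admin role, (200, claims) otherwise."""
    claims = verify_jwt(access_token or "", secret, now)
    if claims is None:  # missing, tampered or expired: client logs out and re-authenticates
        return 401, {"success": False, "error": {"code": "TOKEN_INVALID",  # code is an assumption
                                                  "message": "Authentication required."}}
    if "admin" not in claims.get("roles", []):  # page's 403 body, verbatim
        return 403, {"success": False, "error": {"code": "INSUFFICIENT_PERMISSIONS",
                                                  "message": "Access denied. Admin role required."}}
    return 200, claims
```

A refresh token presented as an access token also fails the role check, since only the access token carries the roles claim.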
Logout Behavior
- Clears JWT tokens from cookies
- Redirects to admin login page
- Server-side token blacklist (optional)
User Support
Admin Access Issues:
- Contact IT support or super admin
- Provide admin email address
- Verify role assignment in database
No Self-Service:
- No "Forgot Password" feature in MVP 1
- No self-registration for admins
- All changes handled by IT support
Next Step in Flow
After successful admin login → Admin Backoffice Dashboard
Related Documentation
- Client Login - Client authentication
- Authentication API - Auth endpoints
- Admin Backoffice Dashboard - Dashboard overview
- Admin Request Details - Request management