Authentication
Odysseus uses JWT (JSON Web Token) based authentication.
User Roles
| Role | Permissions |
|---|---|
| Admin | Full access — manage settings, integration, asset types, users, scans, assets |
| Analyst | Can create scans, promote/dismiss discoveries, manage assets |
| Viewer | Read-only access to dashboard, assets, scans, and discoveries |
Login
Enter your email and password. On success you receive:
- Access Token — short-lived (30 minutes by default), used for API calls
- Refresh Token — longer-lived (7 days by default), used to obtain new access tokens
The frontend handles token refresh automatically.
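The token pair described above, as an added example that is not Odysseus's own code: it issues and verifies both tokens with the default lifetimes, and rejects a refresh token presented as an API credential. HS256, the `kind` and `role` claims, the function names and the demo key are assumptions; the page specifies only the lifetimes and the roles.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # placeholder; a real key comes from a secret store
ACCESS_TTL = 30 * 60               # 30 minutes, the default stated above
REFRESH_TTL = 7 * 24 * 3600        # 7 days, the default stated above

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, role: str, kind: str, now: int) -> str:
    """Build an HS256 JWT. `kind` ("access" or "refresh") is an assumed custom claim."""
    ttl = ACCESS_TTL if kind == "access" else REFRESH_TTL
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "role": role, "kind": kind, "iat": now, "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64e(sign(signing_input))}"

def verify(token: str, expected_kind: str, now: int) -> dict:
    """Return the claims, or raise ValueError if any check fails."""
    header, body, sig = token.split(".")          # wrong part count raises ValueError
    if not hmac.compare_digest(sign(f"{header}.{body}"), b64d(sig)):
        raise ValueError("bad signature")
    # The algorithm is pinned by the server, never chosen by the token header.
    if json.loads(b64d(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(b64d(body))
    if claims.get("kind") != expected_kind:       # a refresh token is not an API credential
        raise ValueError("wrong token kind")
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def refresh(refresh_token: str, now: int) -> str:
    """Exchange a valid refresh token for a new access token."""
    claims = verify(refresh_token, "refresh", now)
    # A real server would re-read the role from its user store at this point.
    return issue(claims["sub"], claims["role"], "access", now)
```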
Registration
Fill in:
- Email — must be unique
- Full Name — display name
- Password — minimum 8 characters
Session
- Tokens are stored in the browser’s local storage, where any script running in the app’s origin can read them
- On token expiry, the app automatically attempts a refresh
- Click Logout to clear tokens and return to the login page