SPEC: RTSport Login Page
Agent Collaboration Protocol v1.4.0
Build Date: 2026-05-08
Test build — end-to-end protocol verification
Overview
A standalone login page for RTSport at /rtsport/login. Simple email+password form.
Submits via fetch() to the existing auth endpoint, redirects to the appropriate
dashboard on success (AT, Coach, Parent, AD Admin). Graceful error handling for
wrong credentials.
Contract
| Field |
Value |
| API Base Path |
/api/v1 (relative — same origin) |
| Auth Scheme |
Bearer JWT from POST /api/v1/auth/login/json |
| Content Type |
application/json |
| Error Format |
{ "detail": "..." } (401) |
| Existing Routes |
/api/v1/auth/login/json — POST { email, password } → { access_token, role, school_id } |
Data Models
LoginRequest
| Field |
Type |
Required |
Notes |
| email |
string |
yes |
User's email address |
| password |
string |
yes |
Plaintext, sent over HTTPS |
LoginResponse
| Field |
Type |
Notes |
| access_token |
string |
JWT for Authorization header |
| token_type |
string |
"bearer" |
| role |
string |
"at" / "coach" / "parent" / "admin" |
| school_id |
string |
Associated school |
Endpoints (consume only — backend exists)
POST /api/v1/auth/login/json
Request: { "email": "test@example.com", "password": "..." }
Success (200): { "access_token": "...", "token_type": "bearer", "role": "at", "school_id": "schl_001" }
Error (401): { "detail": "Invalid email or password" }
UI Components
LoginPage
- Purpose: Capture email + password, authenticate, redirect on success
- Data source:
POST /api/v1/auth/login/json
- States: idle, loading (button spinner), error (red banner), success (redirect)
- Route:
/rtsport/login
Shared Constants
| Constant |
Values |
| Role routing |
at → /rtsport/at, coach → /rtsport/coach, parent → /rtsport/parent, admin → /rtsport/ad |
| Test credentials |
parent@example.com / testpass123 → parent dashboard |
File Structure
backend/
login_router.py ← Mounts at /rtsport/login, serves login page
__init__.py ← Empty
frontend/
templates/
login.html ← Login page template
static/
css/
login.css ← Login page styles
js/
login.js ← Login form logic (fetch auth, store token, redirect)
Success Criteria
- User visits
/rtsport/login, sees email + password form
- Submitting
parent@example.com / testpass123 stores JWT in localStorage and redirects to /rtsport/parent
- Submitting wrong credentials shows a red "Invalid email or password" banner
- Loading state shows on the submit button while the request is in flight
- Mobile-friendly — works on iPhone SE viewport (375px)
Out of Scope
- Password reset flow
- "Remember me" / persistent sessions
- OAuth / social login
- Registration