# WHOOSH Authentication System Credentials

## Default Administrator Account

**CRITICAL: These are the OFFICIAL WHOOSH admin credentials. Do not change without updating all references.**

```
Username: admin
Password: whooshadmin123
```

## Authentication System Architecture

- **Backend**: FastAPI with OAuth2 + JWT tokens
- **Frontend**: React with AuthContext using FormData for login
- **Database**: PostgreSQL users table with bcrypt password hashing
- **API Endpoint**: `POST /api/auth/login` (expects FormData, not JSON)

## Database Schema

The default admin user should be created in the database with:
- username: `admin` 
- email: `admin@whoosh.local`
- password: `whooshadmin123` (bcrypt hashed)
- is_superuser: `true`
- is_active: `true` 
- is_verified: `true`

## Frontend Integration

Login form sends FormData:
```javascript
const formData = new FormData();
formData.append('username', 'admin');
formData.append('password', 'whooshadmin123');
```

## Backend Response Format

Successful login returns:
```json
{
  "access_token": "jwt_token_here",
  "refresh_token": "refresh_token_here", 
  "token_type": "bearer",
  "expires_in": 3600,
  "user": {
    "id": "uuid",
    "username": "admin",
    "email": "admin@whoosh.local",
    "is_superuser": true,
    "is_active": true,
    "is_verified": true
  }
}
```

## Notes

- Password was previously `whooshadmin` but is now officially `whooshadmin123`
- All development and production environments must use these credentials
- Update database seed scripts to ensure admin user exists with correct password
- Frontend demo credentials display should show `whooshadmin123`