docs: enhance introduction and authentication documentation

- Updated the introduction to provide a clearer overview of ABP React and its features.
- Expanded the authentication section to detail the OpenID Connect flow and session management.
- Added middleware documentation, outlining tenant resolution and session handling processes.
- Included best practices for security and performance in middleware usage.
- Improved structure and clarity throughout the documentation for better user guidance.

Author: antosubash

docs/docs/components/ui-components.md

@@ -0,0 +1,179 @@
+---
+sidebar_position: 1
+---
+
+# UI Components
+
+## Overview
+
+ABP React provides a comprehensive set of UI components built on top of Radix UI and styled with Tailwind CSS. These components are designed to be accessible, customizable, and consistent with the ABP design system.
+
+## Core Components
+
+### Custom Table
+
+A flexible table component with sorting, filtering, and pagination:
+
+```typescript
+import { CustomTable } from '@/components/ui/CustomTable'
+
+// Usage
+<CustomTable
+  columns={columns}
+  data={data}
+  pagination={pagination}
+  onPaginationChange={handlePaginationChange}
+/>
+```
+
+### Search Component
+
+A search input with debouncing and clear functionality:
+
+```typescript
+import { Search } from '@/components/ui/Search'
+
+// Usage
+<Search
+  placeholder="Search..."
+  onSearch={handleSearch}
+  debounceTime={300}
+/>
+```
+
+### Error Component
+
+A standardized error display component:
+
+```typescript
+import Error from '@/components/ui/Error'
+
+// Usage
+<Error
+  message="An error occurred"
+  retry={handleRetry}
+/>
+```
+
+### Loader Component
+
+A loading indicator component:
+
+```typescript
+import Loader from '@/components/ui/Loader'
+
+// Usage
+<Loader />
+```
+
+## Form Components
+
+### Input Components
+
+- Text inputs
+- Number inputs
+- Date pickers
+- Select dropdowns
+- Checkboxes
+- Radio buttons
+
+### Form Validation
+
+Components integrate with React Hook Form and Zod for validation:
+
+```typescript
+import { useForm } from 'react-hook-form'
+import { zodResolver } from '@hookform/resolvers/zod'
+import { z } from 'zod'
+
+const schema = z.object({
+  name: z.string().min(1, 'Name is required'),
+  email: z.string().email('Invalid email'),
+})
+
+const form = useForm({
+  resolver: zodResolver(schema),
+})
+```
+
+## Layout Components
+
+### Admin Layout
+
+A layout component for admin pages:
+
+```typescript
+import AdminLayout from '@/layout/admin-layout'
+
+// Usage
+export default function AdminPage() {
+  return (
+    <AdminLayout>
+      {/* Page content */}
+    </AdminLayout>
+  )
+}
+```
+
+### Navigation Components
+
+- Navbar
+- Sidebar
+- Breadcrumbs
+- Tabs
+
+## Theme Support
+
+Components support both light and dark themes:
+
+```typescript
+import { ThemeProvider } from 'next-themes'
+
+// Usage
+<ThemeProvider attribute="class" defaultTheme="system">
+  {/* App content */}
+</ThemeProvider>
+```
+
+## Accessibility
+
+All components are built with accessibility in mind:
+
+- ARIA attributes
+- Keyboard navigation
+- Screen reader support
+- Focus management
+
+## Customization
+
+Components can be customized using Tailwind CSS:
+
+```typescript
+const customStyles = {
+  button: 'bg-primary hover:bg-primary-dark text-white',
+  input: 'border-gray-300 focus:border-primary',
+}
+```
+
+## Best Practices
+
+1. **Component Usage**
+   - Use semantic HTML
+   - Maintain consistent spacing
+   - Follow accessibility guidelines
+
+2. **Performance**
+   - Lazy load components when possible
+   - Optimize re-renders
+   - Use proper memoization
+
+3. **Styling**
+   - Use Tailwind utility classes
+   - Maintain consistent theming
+   - Follow design system guidelines
+
+## Related Components
+
+- [Authentication](/docs/fundamentals/authentication)
+- [Session Management](/docs/fundamentals/session-management)
+- [Multi-tenancy](/docs/fundamentals/multi-tenancy)

docs/docs/fundamentals/authentication.md

@@ -6,29 +6,126 @@ sidebar_position: 1
 
 ## Introduction
 
-This guide will explain how the authentication works in ABP React.
+ABP React implements a secure authentication system using OpenID Connect with PKCE (Proof Key for Code Exchange) flow. This guide explains how authentication works in the application.
 
-## NextAuth.js
+## Authentication Flow
 
-NextAuth.js is a library that provides authentication for Next.js applications. It supports multiple authentication providers. We will use it to handle the authentication in ABP React. You can find more details about NextAuth.js [here](https://next-auth.js.org/).
+The authentication process follows these steps:
 
-## Authentication Flow
+1. User clicks the login button
+2. System generates a PKCE code verifier and challenge
+3. User is redirected to the OpenID Connect authorization endpoint
+4. After successful authentication, user is redirected back to the callback URL
+5. System exchanges the authorization code for tokens
+6. Tokens are stored securely in Redis
+7. User session is established with iron-session
+
+## OpenID Connect Configuration
+
+The application uses OpenID Connect with the following configuration:
+
+```typescript
+const clientConfig = {
+  url: process.env.NEXT_PUBLIC_API_URL,
+  audience: process.env.NEXT_PUBLIC_API_URL,
+  client_id: process.env.NEXT_PUBLIC_CLIENT_ID,
+  scope: process.env.NEXT_PUBLIC_SCOPE,
+  redirect_uri: `${process.env.NEXT_PUBLIC_APP_URL}/auth/openiddict`,
+  post_logout_redirect_uri: `${process.env.NEXT_PUBLIC_APP_URL}`,
+  response_type: 'code',
+  grant_type: 'authorization_code',
+  post_login_route: `${process.env.NEXT_PUBLIC_APP_URL}`,
+  code_challenge_method: 'S256'
+}
+```
+
+### Required Environment Variables
+
+- `NEXT_PUBLIC_API_URL`: Your ABP API URL
+- `NEXT_PUBLIC_CLIENT_ID`: OpenID Connect client ID
+- `NEXT_PUBLIC_SCOPE`: Required OAuth scopes
+- `NEXT_PUBLIC_APP_URL`: Your application URL
+- `SESSION_PASSWORD`: Secret key for session encryption
+
+## Session Management
+
+The application uses two layers of session management:
+
+1. **Iron Session**: For secure client-side session storage
+2. **Redis**: For server-side token storage
+
+### Session Data Structure
+
+```typescript
+interface SessionData {
+  isLoggedIn: boolean
+  access_token?: string
+  code_verifier?: string
+  state?: string
+  userInfo?: {
+    sub: string
+    name: string
+    email: string
+    email_verified: boolean
+  }
+  tenantId?: string
+}
+```
+
+## Token Refresh
+
+The application automatically handles token refresh:
+
+1. Checks token expiration before each request
+2. Uses refresh token to obtain new access token
+3. Updates both Redis and session storage
+4. Maintains user session without requiring re-authentication
+
+## Multi-tenancy Support
+
+The application includes built-in multi-tenancy support:
+
+1. Tenant ID is determined from the host header
+2. Tenant context is maintained in the session
+3. Tenant ID is included in API requests
+4. Automatic tenant resolution on application startup
+
+## Security Features
+
+- PKCE flow for enhanced security
+- Secure session storage with iron-session
+- Redis-based token storage
+- Automatic token refresh
+- CSRF protection
+- Secure cookie configuration
+
+## API Integration
 
-The authentication flow is as follows:
+The authentication token is automatically included in API requests:
 
-1. The user clicks on the login button.
-2. The user is redirected to the login page.
-3. The user enters the credentials and clicks on the login button.
-4. The user is redirected to the callback page.
-5. The user is redirected to the home page.
+```typescript
+APIClient.interceptors.request.use(async (options) => {
+  const session = await getSession()
+  options.headers.set('Authorization', `Bearer ${session.access_token}`)
+  options.headers.set('__tenant', session.tenantId ?? '')
+  return options
+})
+```
 
-This flow is the same for all the authentication providers. We will setup a custom authentication provider in the next-auth because there is no provider for OpenIddict yet. You can find more details about the authentication flow [here](https://next-auth.js.org/getting-started/client#authentication-flow).
+## Logout Process
 
-## OpenID Connect
+The logout process:
 
-To set up the authentication, you need to set up an OpenID Connect server.
-Abp Application uses [OpenIddict](https://github.com/openiddict/openiddict-core) for authentication. You have to create an client with the authorization code flow. Make sure to set the redirect uri to `http://localhost:3000/api/auth/callback/openiddict`. You can find more details about the OpenIddict configuration [here](https://docs.abp.io/en/abp/latest/Authentication/OpenId-Connect).
+1. Clears session data
+2. Removes tokens from Redis
+3. Redirects to OpenID Connect end session endpoint
+4. Redirects to post-logout URL
 
-## NextAuth.js Configuration
+## Best Practices
 
-NextAuth.js is configured in the `/pages/api/auth/[...nextauth].ts` api endpoint. You can find the file in the api directory of the abp app folder. You can find more details about the configuration [here](https://next-auth.js.org/configuration/initialization).
+1. Always use environment variables for sensitive configuration
+2. Keep session duration reasonable (default: 1 week)
+3. Use HTTPS in production
+4. Implement proper error handling
+5. Monitor token refresh operations
+6. Regular security audits