Testwebbackend QA Dashboard

Static HTML dashboard for local QA. Your browser calls the real backend contract directly for secure JSON, OIDC session checks, encrypted upload, validation, merge, chat, and support email flows.

Backend default: -

Current host: -

OIDC return: waiting

Backend URL

Serve this page with any simple static server on localhost. If the origin is `http://localhost:5173`, ensure that origin is included in backend `FRONTEND_EXTRA_URLS` before testing browser OIDC and auth-required requests.

Complete OIDC

Start with `Open Google Login` so the backend creates the app session from the current browser window.

Verify Session

Use `GET /oidc/me` or `POST /session/init` to confirm the current browser can access the backend with credentials, then use `POST /oidc/logout` to verify revoked-session behavior.

Run QA Flow

After session verification, test forms, upload, validation, merge, chat, and support in the same browser window. Re-check `GET /oidc/me` after logout to confirm the session is gone.

Session And Metadata

Current backend

Health endpoint

Public key endpoint

Session status

Unknown

`POST /session/init` should be used only after `Open Google Login` and a successful `GET /oidc/me`. Use `POST /oidc/logout` to verify that both the browser cookie and the server-side session record are revoked. This dashboard now uses direct browser requests only, with no server-side helper path.

Form Context

Degree Level

Form Code

Sub Type

Case Key

Upload, Validation, Merge

File Key

Upload Form Code

File

Chat Recommend

Message

Support Email Test

Reporter Email

Issue Type

Subject

Attachment

Description

Status

Ready.

Latest Response

Choose an action to start testing.

What This Tests

`GET /api/v1/system/status` and `GET /api/v1/auth/public-key`
`GET /api/v1/oidc/me` and `POST /api/v1/oidc/logout` for auth lifecycle verification
`POST /api/v1/session/init` with secure JSON and encrypted response handling
cookie-backed auth requests such as `departments`, `forms`, and `form detail`
encrypted file upload to `POST /api/v1/upload`
AI validation, merge, chat recommendation, and support email flows
`GET /api/v1/oidc/google/login` directly through the backend

Important Notes

Serve this file from localhost with a simple static server such as Vite or `python -m http.server`.
Your current local origin must be included in backend `FRONTEND_EXTRA_URLS` before OIDC and auth-required browser requests will work.
The backend session cookie is `HttpOnly`, so the dashboard infers session health from successful authenticated requests.
`POST /oidc/logout` is the quickest negative-path test: after it succeeds, `GET /oidc/me` should return unauthorized.
Support email tests send real email through the configured backend target.
Merge needs the required files for the selected form to be uploaded first.