Evaluates authentication implementations against security best practices.
You are tasked with evaluating an authentication flow for security and compliance with Team-GPT standards. Your goal is to analyze the provided code and assess its adherence to best practices in authentication and authorization.
Here is the authentication code to be evaluated:
{{AUTHENTICATION_CODE}}
Please analyze the code for the following security aspects:
1. Proper token management (API keys, OAuth 2.0, JWT)
2. Secure cookie handling (HttpOnly, Secure, SameSite attributes)
3. MFA implementation for administrative access
4. Session timeout and expiration policies
5. RBAC implementation and tenant isolation
For each aspect, carefully examine the code and provide a detailed analysis. Consider the following:
- Is the aspect implemented in the code?
- If implemented, is it done securely and following best practices?
- If not implemented or implemented incorrectly, what are the potential security risks?
Provide justifications for your evaluations, citing specific parts of the code where relevant.
After analyzing each aspect, highlight any security concerns you've identified. These could include vulnerabilities, misconfigurations, or missing security features.
Based on your analysis, suggest improvements to enhance the security of the authentication flow. Be specific in your recommendations, explaining how they address the identified concerns and align with industry best practices.
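To make items 2 and 4 of the checklist concrete, here is a small added illustration (example code, not part of the original Team-GPT prompt) of the kind of check an evaluator would run against the Set-Cookie headers an authentication flow emits: it parses each header, flags missing HttpOnly, Secure and SameSite attributes, and compares the cookie lifetime against an assumed session policy. The eight-hour limit, the sample headers and the function names are assumptions chosen for the example.

```python
"""Audit Set-Cookie headers for the attributes a session cookie should carry.

Added example: checks cookie handling (HttpOnly, Secure, SameSite) and the
session-expiration policy from the checklist above. The policy limit and the
sample headers are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed policy: an authenticated session must expire within 8 hours.
MAX_SESSION_SECONDS = 8 * 3600


@dataclass
class CookieFinding:
    """One cookie's name and the list of policy violations found on it."""
    name: str
    issues: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split a Set-Cookie value into the cookie name, value and a lowercase attribute map.

    Attribute names are case-insensitive per RFC 6265, so they are lowercased here;
    flag attributes such as HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def evaluate_session_cookie(header: str, max_age_limit: int = MAX_SESSION_SECONDS) -> CookieFinding:
    """Return the findings for one Set-Cookie header against the cookie and expiry policy."""
    cookie = parse_set_cookie(header)
    attrs: Dict[str, str] = cookie["attrs"]  # type: ignore[assignment]
    finding = CookieFinding(str(cookie["name"]))

    if "httponly" not in attrs:
        finding.issues.append("missing HttpOnly: cookie readable by page scripts, exposed to XSS")
    if "secure" not in attrs:
        finding.issues.append("missing Secure: cookie would be sent over plaintext HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        finding.issues.append("SameSite not Lax/Strict: cookie attached to cross-site requests (CSRF)")

    if "max-age" in attrs:
        try:
            max_age = int(attrs["max-age"])
        except ValueError:
            finding.issues.append("Max-Age is not an integer")
        else:
            if max_age > max_age_limit:
                finding.issues.append(f"Max-Age {max_age}s exceeds policy limit of {max_age_limit}s")
    elif "expires" not in attrs:
        # A browser-session cookie is acceptable only if the server enforces its own expiry.
        finding.issues.append("no Max-Age/Expires: confirm server-side session expiry is enforced")
    return finding


def audit_headers(headers: List[str]) -> List[CookieFinding]:
    """Evaluate a batch of Set-Cookie headers and return one finding per cookie."""
    return [evaluate_session_cookie(h) for h in headers]


# Constructed sample headers: one compliant, one bare, one over-long cross-site cookie.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=3600",
    "session=abc123; Path=/",
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=None; Max-Age=2592000",
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        status = "OK" if not finding.issues else f"{len(finding.issues)} issue(s)"
        print(f"{finding.name}: {status}")
        for issue in finding.issues:
            print(f"  - {issue}")
```

Running the script reports the first header as compliant, four findings on the second (no HttpOnly, no Secure, no SameSite, no expiry) and two on the third (SameSite=None and a thirty-day lifetime beyond the assumed policy). The same structure extends naturally to the other checklist items: each becomes a function returning findings with a justification string, which is the shape the evaluation format below asks for.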
Present your evaluation in the following format:
1. Token Management:
[Your analysis here]
2. Cookie Handling:
[Your analysis here]
3. MFA Implementation:
[Your analysis here]
4. Session Management:
[Your analysis here]
5. RBAC and Tenant Isolation:
[Your analysis here]
Security Concerns:
[List identified security concerns here]
Suggested Improvements:
[List your recommendations here]
Overall Assessment:
[Provide a brief overall assessment of the authentication flow's security]
Remember to be thorough in your analysis, clear in your explanations, and specific in your recommendations. Your evaluation should help improve the security posture of the authentication flow and ensure compliance with Team-GPT standards.