This repository has been archived by the owner on May 14, 2024. It is now read-only.
Authentication
Fredrik Blomqvist edited this page Mar 8, 2018 · 2 revisions
Token Identity Format
```json
{
  "id": 0,
  "university_id": 1,
  "email": "[email protected]",
  "first_name": "John",
  "last_name": "Doe",
  "picture": "https://lh3.googleusercontent.com/-ByXCWfs-xjA/AAAAAAAAAAAAAAAAA/rabka12c/s96-c/photo.jpg",
  "type": "s",
  "permissions": [
    2
  ],
  "gender": "m",
  "graduation_year": 2018,
  "majors": [
    44
  ]
}
```
Sign-In Flow
- Front-End authenticates with Google OAuth
- POST `id_token` to `/auth`
  a. Format is `{"id_token": "ID_TOKEN"}`
- `/auth` will return a JWT that contains the current user's identity (name, email, etc.)
- Front-End stores the JWT in local storage
Sign-Out Flow
- Delete JWT
Website Enter Flow
- Front-End checks if user has a JWT
- If it does, validate it against `GET /auth/validate`
- Use the normal authentication header, and if the token is valid, a new token will be returned in the following format: `{"jwt": "NEW_JWT"}`
- If not valid, delete the JWT
Request Flow
Include the following header:

```
Authorization: Bearer JWT_TOKEN
```
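A worked sketch of the `GET /auth/validate` step described above, written for this page as an added example and not the project's own code. It assumes an HS256-signed JWT whose claims are the identity object plus `iat`/`exp`, a constructed demo secret, and shows the checks the endpoint must do (signature, algorithm, expiry) before re-issuing `{"jwt": NEW_JWT}`.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads this from configuration.
SECRET = b"demo-secret-not-for-production"

# Constructed identity in the page's Token Identity Format (subset of fields).
SAMPLE_IDENTITY = {"id": 0, "university_id": 1, "type": "s", "permissions": [2]}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(identity: dict, ttl: int = 3600, now=None) -> str:
    """Sign an HS256 JWT carrying the identity claims plus iat/exp."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({**identity, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, now=None):
    """Return the claims if algorithm, signature and expiry all check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        hdr = json.loads(_b64url_decode(header))
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return None  # pin the algorithm; never trust alg from the token (e.g. "none")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # constant-time signature comparison
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # covers bad base64, bad JSON, wrong segment count
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def validate_endpoint(headers: dict, now=None):
    """GET /auth/validate: 401 on a missing/invalid/expired token, else 200 with a fresh JWT."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    claims = verify_jwt(auth[len("Bearer "):], now=now)
    if claims is None:
        return 401, {"error": "invalid token"}
    identity = {k: v for k, v in claims.items() if k not in ("iat", "exp")}
    return 200, {"jwt": issue_jwt(identity, now=now)}
```

The front-end flow on this page maps directly onto the return values: a 200 replaces the stored JWT with the new one, a 401 deletes it.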