EtienneDx / git-mentor

A git server with built-in tools for teaching programming
MIT License

Create web authentication mechanism #10

Closed EtienneDx closed 3 months ago

EtienneDx commented 6 months ago

As a user, I want to authenticate myself, so that I can securely access my personal data.

To authenticate, JWT should be used. The JWT should contain the basic information about the user, such as its id, name and email.

An authorization middleware should also be created to be used by other APIs later on, returning the user data contained in the JWT. The goal of the JWT is to reduce the number of database queries using the information within.

On the front-end side, an email-password page should be created, saving the JWT in an app state. The decision regarding the use of Redux should be made independently of this story, as part of the previous infrastructure task.

Marin-de-Drouas commented 6 months ago

For app security we can use "JavaScript Object Signing and Encryption" in order to authenticate users. It requires RSA key generation and storage, but it is pretty easy to implement. (The only matter is that the local user device would store the key, so it's a device-based auth.)

EtienneDx commented 6 months ago

Looking at the wiki, one of their RFCs is JWT, which is the one I recommended here :)

Marin-de-Drouas commented 6 months ago

Yes, absolutely, that's why I thought about it; it is a JWT signed and encrypted.

EtienneDx commented 6 months ago

I meant JWTs are one of the JOSE standards :)

EtienneDx commented 3 months ago

First part done, still need to figure out the middleware part of the authentication. See #33