SHIV5T3R / CO-DE

An Open Source Collaborative Code Editor

API Endpoints for Authentication #10

Closed SHIV5T3R closed 11 months ago

SHIV5T3R commented 1 year ago

This issue addresses the need to implement a set of robust API endpoints for authentication, enabling users to securely register, log in, and manage their accounts. By introducing these authentication endpoints, the application will ensure proper user authentication and authorization, enhancing security and user experience.

Expected Behavior

Registration Endpoint

A registration API endpoint should be implemented, allowing users to create new accounts by providing necessary information such as username, email, and password. Proper validation and error handling should be in place to prevent invalid or duplicate registrations.

Login Endpoint

A login API endpoint should be introduced to enable users to authenticate themselves by providing valid credentials. The endpoint should securely validate credentials and issue authentication tokens or session cookies upon successful login.

Logout Endpoint

A logout API endpoint should be implemented to allow users to invalidate their authentication tokens or clear session cookies, ensuring secure and controlled logouts.

User Profile / Settings

An API endpoint should be implemented to enable users to retrieve their profile information, providing them with relevant account details.

Security Measures

The API endpoints should incorporate security measures, such as rate limiting, to prevent abuse and protect against potential attacks like brute force.

Validation and Error Handling

Proper input validation and error handling mechanisms should be in place for all API endpoints, ensuring data integrity and providing meaningful error messages to clients.

Documentation

Comprehensive documentation for the authentication API endpoints should be created, explaining the required inputs, expected outputs, and usage examples for each endpoint.
Implementing dedicated API endpoints for authentication will significantly enhance the application's security and user access control. By providing these essential authentication features, the application will offer users a more secure and streamlined experience while ensuring their sensitive information remains protected.
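One way the login, logout and profile endpoints above can fit together with the rate limiting the "Security Measures" section asks for, as an added Python sketch that is not CO-DE's own code: credentials are checked in constant time, repeated failures lock the account for a while, logout invalidates the token server-side, and the profile call only works with a live token. The in-memory stores, the lockout thresholds and the password policy are assumptions for the example.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory stores (hypothetical); a real service would use its database.
USERS, SESSIONS, FAILURES = {}, {}, {}
MAX_FAILURES, LOCKOUT_SECONDS, TOKEN_TTL = 5, 300, 3600

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, email, password):
    """Reject malformed or duplicate registrations; store only a salted hash."""
    if not username.isalnum() or "@" not in email or len(password) < 12:
        return {"ok": False, "error": "invalid input"}
    if username in USERS:
        return {"ok": False, "error": "username taken"}
    salt = secrets.token_bytes(16)
    USERS[username] = {"email": email, "salt": salt, "hash": _hash(password, salt)}
    return {"ok": True}

def login(username, password, now=None):
    """Constant-time credential check, per-account lockout, opaque token on success."""
    now = time.time() if now is None else now
    count, until = FAILURES.get(username, (0, 0.0))
    if now < until:
        return {"ok": False, "error": "too many attempts, try later"}
    if until:  # lockout has expired: start a fresh counting window
        count = 0
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal which names exist.
    salt = user["salt"] if user else b"\0" * 16
    expected = user["hash"] if user else b"\0" * 32
    if not hmac.compare_digest(_hash(password, salt), expected) or user is None:
        count += 1
        FAILURES[username] = (count, now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0)
        return {"ok": False, "error": "invalid credentials"}  # same message for both cases
    FAILURES.pop(username, None)
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"username": username, "expires": now + TOKEN_TTL}
    return {"ok": True, "token": token}

def logout(token):
    """Server-side invalidation: the token stops working even if the client keeps it."""
    return {"ok": SESSIONS.pop(token, None) is not None}

def profile(token, now=None):
    now = time.time() if now is None else now
    s = SESSIONS.get(token)
    if s is None or s["expires"] <= now:
        return {"ok": False, "error": "unauthorized"}
    return {"ok": True, "username": s["username"], "email": USERS[s["username"]]["email"]}
```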

ZakariaTalhami commented 1 year ago

@SHIV5T3R I would love to work on this task.

dglalperen commented 1 year ago

@SHIV5T3R I can handle that one pretty quickly and safely. Assign it to me if you want.

SHIV5T3R commented 1 year ago

@SHIV5T3R I would love to work on this task.

go ahead :D

SHIV5T3R commented 1 year ago

edited this; logging in will be through GH OAuth

ZakariaTalhami commented 1 year ago

Logging using GitHub would provide us with a GitHub access token. Do we want to use this same token for authenticating access to the APIs and web sockets? Or do we want to generate our own JWT token for future authentication?

The same goes for the "User Profile / Settings" requirement. Do we want to save the profile to our DB on the first login? Or continue to fetch the profile from GitHub on each request?

For the first point, I suggest generating our own JWT, as the GitHub token can only be authenticated with GitHub. Also, most of the APIs and requests won't need access to GitHub after the initial login. For the second point, I would save the setting in our DB; that way, users can edit that information separately from GitHub and reduce the number of requests to the GitHub API.

Is this an acceptable approach?

SHIV5T3R commented 1 year ago

updated the issue again; we'll work on GitHub OAuth at a later stage

ZakariaTalhami commented 1 year ago

@SHIV5T3R Can you assign this to me if no one is picking it up?