ai-cfia / membrane-backend

Membrane Backend: A centralized authentication service for Single Sign-On (SSO) enabling seamless token-based email verification across multiple client applications.
MIT License

Implement User Session Persistence in Membrane Backend #51

Open CFIALeronB opened 11 months ago

CFIALeronB commented 11 months ago

Description:

Enhance the Membrane Backend to support persistent user session authentication data, ensuring users authenticated in one client application don't need to re-authenticate in another.

Objectives:

  1. Persist User Session Data: Once a user is authenticated, maintain their session to allow seamless navigation between different client applications.

Detailed Steps:

  1. Session Data Design:

    • Determine what constitutes session data: user ID, token details, expiration time, etc.
  2. Storage Mechanism:

    • Evaluate options like in-memory storage, distributed cache systems (e.g., Redis), or other secure storage solutions.
  3. Session Management:

    • Develop functionalities for:
      • Session creation upon successful authentication.
      • Fetching session data to validate user authentication status.
      • Session refresh or update.
      • Session expiration or removal post time limit.
  4. Authentication Flow Modification:

    • Before email verification:
      • Check if a valid session exists for the user.
      • If so, notify the client application backend to bypass further verification by encoding the verification token with user session data (email) and redirecting back to the client application.
      • If not, continue the email verification process.
  5. Testing:

    • Ensure the session persistence works under scenarios like:
      • Successful user authentication.
      • User navigating to a different client application post-authentication.
      • Session expiration scenarios.
      • Multiple device sessions.
  6. Documentation:

    • Update workflow.md and related docs to reflect the changes and new functionalities.

Acceptance Criteria:

rngadam commented 11 months ago

@CFIALeronB don't forget to use the Membrane project instead of the Louis project from now on.
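
A sketch of the session management and pre-verification check listed in the issue description (steps 3 and 4), added here as an illustration and not taken from the Membrane Backend code. The names `SessionStore`, `next_step`, `IDLE_TTL` and `ABSOLUTE_TTL`, the timeout values, and the choice of Python are assumptions; the dict stands in for a shared store such as Redis, and encoding the verification token is left out.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TTL = 15 * 60          # assumed idle timeout, in seconds
ABSOLUTE_TTL = 8 * 60 * 60  # assumed hard cap on total session lifetime

@dataclass
class Session:
    email: str
    created_at: float
    expires_at: float

class SessionStore:
    # In-memory stand-in for a shared cache (hypothetical class).
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # opaque session id -> Session

    def create(self, email):
        # Call only after email verification succeeds. The id is random and
        # carries no user data; each device gets its own session.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(email, now, now + IDLE_TTL)
        return sid

    def get(self, sid):
        # Expiry is enforced server-side on every read; stale entries are dropped.
        session = self._sessions.get(sid)
        if session and self._clock() >= session.expires_at:
            del self._sessions[sid]
            return None
        return session

    def refresh(self, sid):
        # Slide the idle window, but never past the absolute lifetime cap.
        session = self.get(sid)
        if session is None:
            return False
        session.expires_at = min(self._clock() + IDLE_TTL,
                                 session.created_at + ABSOLUTE_TTL)
        return True

    def revoke(self, sid):
        self._sessions.pop(sid, None)

def next_step(store, sid):
    # Decision taken before email verification: bypass only for a live session.
    session = store.get(sid) if sid else None
    return ("bypass", session.email) if session else ("verify_email", None)
```

The injectable `clock` lets the expiration and multi-device scenarios from the testing step run without real waiting.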