sequenceDiagram
User->>Webclient: Initiates diagram generation
Webclient-->>Browser Cookies: Look up JWT tokens
alt "Login/Sign-in flow": refresh token not found
Webclient->>User: Login page
alt User opts-in for login
User->>Webclient: Enter email address
Webclient-->Webclient: Login page's state transition: "input secret"
Webclient->>AuthService: Call "/auth/email"
else User wants to continue without authN
Webclient-->Webclient: Generate user's "fingerprint"
Webclient->>AuthService: Call "/auth/anonym"
end
AuthService-->AuthService: Validate request
alt User exists
AuthService-->>DB: Lookup the user and status
alt email_verified==true && active==false
AuthService->>Webclient: Reply: 401
Webclient->>Webclient: Error popup
end
else User does not exist
AuthService-->>DB: Create user: email_verified is false, active is false
end
AuthService-->AuthService: Generate JWT ID token and secret
AuthService-->>Cache: Store secret
AuthService-->>SMTP: Dispatch the secret
AuthService->>Webclient: Response: user_id + secret expiration time
SMTP->>User: Deliver email with the secret
User->>Webclient: Input secret
Webclient-->Webclient: Validate secret's expiration
Webclient->>AuthService: Call "/auth/confirm"
AuthService-->>Cache: Lookup secret
AuthService-->AuthService: Validate secret
AuthService-->>DB: Update user: email_verified is true, active is true
AuthService-->AuthService: Generate JWT: Access and Refresh tokens
AuthService->>Webclient: Response: JWT tokens
Webclient-->>Browser Cookies: Store JWT tokens
else Refresh token found
Webclient->>AuthService: Call "/auth/refresh"
AuthService-->AuthService: Validate token
alt Token is invalid
AuthService->>Webclient: Response: 401
Webclient->>Webclient: Error popup, init the "login/sign-in flow"
else Token is valid
AuthService-->>DB: Lookup the user and status
alt active==true
AuthService-->AuthService: Generate JWT: Access tokens
AuthService->>Webclient: Response: JWT tokens
Webclient-->>Browser Cookies: Store JWT tokens
else active==false
AuthService->>Webclient: Response: 401
Webclient->>Webclient: Error popup, init the "login/sign-in flow"
end
end
end
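The AuthService lane of the diagram above, written out as runnable code. This is an added example, not the project's code: it keeps the DB, Cache and SMTP lanes in memory, stands in HMAC-signed compact tokens for the JWTs, and the secret and token lifetimes are assumed constants. It implements the three calls drawn in the diagram ("/auth/email", "/auth/confirm", "/auth/refresh") with the 401 branches shown, plus two details the diagram leaves implicit: the emailed secret is single use and is compared in constant time, and a refresh only ever yields a new access token.

```python
import base64, hashlib, hmac, json, secrets, time

class AuthService:  # in-memory model of the AuthService lane above (added example, not project code)
    SECRET_TTL, TTL = 600, {"access": 900, "refresh": 30 * 86400}  # assumed lifetimes in seconds
    def __init__(self, signing_key: bytes, now=time.time):
        self.key, self.now = signing_key, now   # `now` is injectable so expiry can be tested
        self.db = {}       # email -> {"user_id", "email_verified", "active"}      (DB lane)
        self.cache = {}    # user_id -> (secret, expires_at, email)                 (Cache lane)
        self.outbox = []   # (email, secret) handed to SMTP; never returned to the webclient
    def _sign(self, payload: dict) -> str:  # HMAC-signed compact token standing in for a JWT
        body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
        return body + "." + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
    def _verify(self, token: str):  # payload if signature and expiry check out, else None
        body, _, sig = token.rpartition(".")
        good = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), good.encode()):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body))
        return payload if payload["exp"] > self.now() else None
    def _issue(self, user_id: str, kinds) -> dict:  # the "Generate JWT" steps of the diagram
        now = self.now()
        return {k: self._sign({"sub": user_id, "typ": k, "exp": now + self.TTL[k]}) for k in kinds}
    def auth_email(self, email: str):
        """'/auth/email': look the user up or create it, then dispatch a one-time secret."""
        user = self.db.get(email)
        if user is None:
            user = self.db[email] = {"user_id": secrets.token_hex(8), "email_verified": False, "active": False}
        elif user["email_verified"] and not user["active"]:
            return 401, None                      # verified but deactivated account
        secret, exp = secrets.token_urlsafe(16), self.now() + self.SECRET_TTL
        self.cache[user["user_id"]] = (secret, exp, email)
        self.outbox.append((email, secret))
        return 200, {"user_id": user["user_id"], "expires_at": exp}
    def auth_confirm(self, user_id: str, secret: str):
        """'/auth/confirm': secret is single use (consumed even on a wrong guess), then activate."""
        entry = self.cache.pop(user_id, None)
        if entry is None or entry[1] <= self.now() or not hmac.compare_digest(entry[0].encode(), secret.encode()):
            return 401, None
        self.db[entry[2]].update(email_verified=True, active=True)
        return 200, self._issue(user_id, ("access", "refresh"))
    def auth_refresh(self, refresh_token: str):
        """'/auth/refresh': valid refresh token and an active user -> a new access token only."""
        p = self._verify(refresh_token)
        if p is None or p.get("typ") != "refresh":
            return 401, None
        user = next((u for u in self.db.values() if u["user_id"] == p["sub"]), None)
        if user is None or not user["active"]:
            return 401, None                      # deactivated: webclient restarts the sign-in flow
        return 200, self._issue(p["sub"], ("access",))
```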
Problem
All users have a single plan for now. Many users would want to extend the quota, or have case-tailored usage conditions.
Proposed Solution
Implement user authentication and authorisation using JWT.
References:
End-to-end flow: webclient
Contract
/auth/signin/init
Request:
Responses:
/auth/anonym
Request:
Responses:
/auth/signin/confirm
Request:
Responses:
/auth/refresh
Request:
Responses: