Open louis993546 opened 5 years ago
From #10: It's gonna be a bit weird with GraphQL
For more info, read this page from gqlgen
Current idea:
userId
And they can be transmit in with basic auth. Still not sure what the database needs to store, and how to secure it.
Slightly polished version:
scenario | user id | totp | passphrase | session token | Why |
---|---|---|---|---|---|
db compromise | gone | gone | safe | gone | db only store salted hash passphrase, so hacker "won't be able" to use the renew endpoint to generate a new session token. |
MITM attack | gone | safe | ok | ok | totp changes very often, session token changes quite often + revoke-able, and passphrase also only sent quite often. Feel like this is good enough for a "talk to your roommate" app |
device compromise | gone | ok | ok | gone | it's true for most services: if device is compromised, expire that session token. And even though passphrase is on device, it can be store in hard to retrieve space to avoid eavesdropping. Feel like this is good enough for a "talk to your roommate" app |
There is (at least) 1 scenario that I am missing: MITM but next to the server. If the hacker sees all network traffic of the API, does it make it easier for them to crack anything?
Not exactly the same thing: iOS is more geared towards user, which can & will screw things up. Also need to think about users that don't set password on their device, in which keychain might not be available in certain configurations.
TL;DR: from the API's point of view, the plan above is do-able.