madnerdorg / libreconnect

Plug an arduino to connect it as a websocket

http://madnerd.org

MIT License

5 stars 0 forks source link

Token authentification #12

Open maditnerd opened 7 years ago

maditnerd commented 7 years ago

Instead of using a password, the client should mostly use temporary token. Password will only be used to provided a token to the client.

Token are stored with an expiration date (and ip) into variables.

Token are erased when

Client asked to be disconnected
It expires
The device is unplugged / system restart (a persistant mode could be useful)

Example:

First authentication

Websocket ask for password
Client answer with password
Websocket send token
Client save token in localStorage (for a given time)

Second authentication

Websocket ask for password
Client respond with token
Websocket check Token association
Client logged in automatically.

Disconnection

Client click on disconnect
Client erase token from localStorage.
Client send websocket a clear token commands
Websocket reset token.