Closed vnedyavila closed 3 years ago
First of all, because this issue is related to an API error, I've transfered it to the backend repository.
The shown error was actually a database connection failure. I figured out, that my mongodb instance crashed after update to 4.4. I've reverted back to mongo 4.2 and now the db is up and logins are operational again. I guess, I need to get a deeper look on how to migrate my current dataset to mongo 4.4.
And by the way, login post request always contain clear text credentials. That is totally fine as long as the credentials itself are not stored on the client side and you have a valid encrypted HTTPS connection to the server. HTTPS/TLS encrypts all communication between the client and the server (REST API) using the server's TLS certificate. After the login, the server checks the passed password and username against an Argon2ID hash, which is stored in the database. Only a JWT session cookie is saved on the client side to authenticate requests, which is signed by the API server.
Screenshot attached.
Here's the login request:
Here's the login response: