Open J0eppp opened 3 years ago
@hugopilot suggestions?
I'd say allow both. Some organizations like to sync accounts with certain services (like Active Directory, etc)
So that would mean allowing people to 'link' their account to a certain service.
So the main way of logging in would be through our system, but they are able to link their account to let's say their Microsoft (school) account etc.?
Sign session tokens using JWT? How long should a session last? 24 hours seems too long, 1 hour might be a little bit short, maybe 6 hours? And reset the timer every time the user loads a page? @hugopilot
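The 6-hour session that resets on every page load, proposed in the comment above, can be sketched as follows. This is an added example, not code from this project or from either commenter; the key, the function names and the use of HS256 built from the Python standard library are assumptions.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: constructed key, load a real one from config
SESSION_TTL = 6 * 60 * 60         # the 6-hour lifetime suggested in the comment

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id: str, now: int) -> str:
    """Build an HS256 JWT whose exp is SESSION_TTL seconds after `now`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "iat": now, "exp": now + SESSION_TTL}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_sign(f'{header}.{payload}'))}"

def verify_token(token: str, now: int):
    """Return the claims if signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(_unb64(header_b64)).get("alg") != "HS256":
            return None
        expected = _sign(f"{header_b64}.{payload_b64}")
        # Constant-time comparison of the signature bytes.
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(_unb64(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    return claims if now < claims.get("exp", 0) else None

def on_page_load(token: str, now: int):
    """Sliding expiry: swap a valid token for one with a fresh 6-hour exp."""
    claims = verify_token(token, now)
    if claims is None:
        return None  # expired or tampered: the user has to log in again
    return issue_token(claims["sub"], now)
```

Because nothing here keeps server-side state, a token that has been replaced by `on_page_load` still verifies until its own `exp` passes.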
I'd say allow both. Some organizations like to sync accounts with certain services (like Active Directory, etc) So that would mean allowing people to 'link' their account to a certain service.
So the main way of logging in would be through our system, but they are able to link their account to let's say their Microsoft (school) account etc.?
Correct
How do we want to manage authentication and sessions?
Authentication
We have our own authentication system
People can log in on our site with their username/email and password and everything is stored in our database.
Pros
Cons
We use (an)other service(s) in order to authenticate users.
We use the OAuth2 protocol and another service (or multiple services) like Google in order to authenticate users.
Pros
Cons
Suggestions??
Sessions
Where do we want to store the session token?
Cookie
Store the session token in a cookie.
Pros
Cons
Does this have any cons over the other methods?
LocalStorage
Store the session token in the localStorage of the browser.
Pros
Does this have any pros over the other methods?
Cons
Suggestions??