robobario / gameswap


implement accounts #3

Closed mtokumaru closed 8 years ago

mtokumaru commented 8 years ago

Users will have the choice to sign in with usernames (email optional) and also using Google authentication.

robobario commented 8 years ago

We'll have to implement sessions. When a user logs in, give them a strong session id and store it in the DB along with a last-accessed time. Update the last-accessed time every time for now. If it's been too long since the last access, expire the cookie and redirect them to login again.
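
An added example of the session scheme described in that comment (not code from the gameswap repository). It assumes a 30-minute idle timeout and uses an in-memory `ConcurrentHashMap` as a stand-in for the sessions table. It goes one step beyond the comment: the cookie carries a 256-bit random id from `SecureRandom`, but only the SHA-256 digest of that id is stored, so a read of the DB does not hand out live sessions. `touch` is what a request filter would call on every request: it returns the user id and bumps the last-accessed time, or deletes the row and returns empty when the idle timeout has passed, which the caller turns into an expired cookie plus a redirect to login.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Idle-timeout session store. The Map stands in for the sessions table
 * (assumption); a real implementation issues the same operations against the DB.
 */
public class SessionStore {
    /** One row of the assumed sessions table. */
    static final class Session {
        final String userId;
        volatile Instant lastAccessed;
        Session(String userId, Instant lastAccessed) {
            this.userId = userId;
            this.lastAccessed = lastAccessed;
        }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Duration idleTimeout;

    public SessionStore(Duration idleTimeout) {
        this.idleTimeout = idleTimeout;
    }

    /** Issues a fresh 256-bit session id for userId; the id goes in the cookie, only its digest is stored. */
    public String create(String userId, Instant now) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(digest(sessionId), new Session(userId, now));
        return sessionId;
    }

    /**
     * Called on every authenticated request. Returns the user id and bumps
     * lastAccessed while the session is live; removes the row and returns empty
     * once it has been idle longer than idleTimeout, or if the id is unknown.
     */
    public Optional<String> touch(String sessionId, Instant now) {
        String key = digest(sessionId);
        Session s = sessions.get(key);
        if (s == null) {
            return Optional.empty();
        }
        if (s.lastAccessed.plus(idleTimeout).isBefore(now)) {
            sessions.remove(key);
            return Optional.empty();
        }
        s.lastAccessed = now;
        return Optional.of(s.userId);
    }

    /** Explicit logout. */
    public void destroy(String sessionId) {
        sessions.remove(digest(sessionId));
    }

    private static String digest(String sessionId) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(sessionId.getBytes(StandardCharsets.US_ASCII));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        SessionStore store = new SessionStore(Duration.ofMinutes(30));
        Instant login = Instant.parse("2016-01-01T12:00:00Z");
        String sid = store.create("user-42", login);
        System.out.println("session id for cookie: " + sid);
        Instant tenMinutesLater = login.plus(Duration.ofMinutes(10));
        Instant thirtyNineMinutesLater = login.plus(Duration.ofMinutes(39));   // 29 min since previous touch
        Instant seventyMinutesLater = login.plus(Duration.ofMinutes(70));      // 31 min since previous touch
        System.out.println("after 10 min: " + store.touch(sid, tenMinutesLater));
        System.out.println("after 39 min: " + store.touch(sid, thirtyNineMinutesLater));
        System.out.println("after 70 min: " + store.touch(sid, seventyMinutesLater));
        System.out.println("unknown id:   " + store.touch("not-a-real-id", login));
    }
}
```

The `main` walks through the sliding window: the touch at 39 minutes is still live because the previous touch at 10 minutes reset the clock, while the touch at 70 minutes is 31 minutes after the last access and expires the session. Whatever sets the cookie should mark it `HttpOnly` and `Secure` so the id is kept away from page scripts and plain HTTP. Writing the DB on every request is what the comment asks for "for now"; a cheap later refinement is to skip the write when the last-accessed time is only a few seconds old.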

robobario commented 8 years ago

https://developers.google.com/identity/sign-in/web/

Use the Google client libs to validate that the tokens sent to us are good. We probably need a Dropwizard endpoint to submit the token to for validation. If valid, create a user in the database, set a session cookie, and store session timeout/info in the DB.

https://developers.google.com/identity/sign-in/web/backend-auth
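
An added example of that endpoint as a Dropwizard (JAX-RS) resource, not code from the gameswap repository. It uses `GoogleIdTokenVerifier` from the Google API client library, which checks the token's signature against Google's published keys, its expiry, its issuer, and that its audience is our OAuth client id; `verify` returns `null` when any of those checks fails. The form field name `idtoken`, the `SessionFactory` interface, the in-memory users map and the `UUID` user ids are assumptions for the example. Following the linked backend-auth page, the account is keyed on the `sub` claim rather than on the email address, which can change.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;

import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.util.Collections;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Endpoint the browser posts the Google ID token to after client-side sign-in.
 * The verifier does the cryptographic and claim checks; this class only decides
 * what to do with a token that passed them.
 */
@Path("/auth/google")
public class GoogleSignInResource {

    /** Assumed collaborator: whatever issues session ids and records them in the DB. */
    public interface SessionFactory {
        String create(String userId);
    }

    private final GoogleIdTokenVerifier verifier;
    private final SessionFactory sessions;
    private final Duration cookieMaxAge;
    // Assumed users table keyed by the Google "sub" claim; a Map stands in for the DB.
    private final Map<String, String> userIdByGoogleSub = new ConcurrentHashMap<>();

    public GoogleSignInResource(String oauthClientId, SessionFactory sessions, Duration cookieMaxAge) {
        this.verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), JacksonFactory.getDefaultInstance())
                .setAudience(Collections.singletonList(oauthClientId))   // reject tokens minted for other apps
                .build();
        this.sessions = sessions;
        this.cookieMaxAge = cookieMaxAge;
    }

    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces(MediaType.TEXT_PLAIN)
    public Response signIn(@FormParam("idtoken") String idTokenString) throws GeneralSecurityException, IOException {
        if (idTokenString == null || idTokenString.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity("missing idtoken").build();
        }
        GoogleIdToken idToken = verifier.verify(idTokenString);   // null on bad signature, expiry, issuer or audience
        if (idToken == null) {
            return Response.status(Response.Status.UNAUTHORIZED).entity("invalid ID token").build();
        }
        GoogleIdToken.Payload payload = idToken.getPayload();
        // "sub" is Google's stable identifier for the account; email can change and must not be the key.
        String googleSub = payload.getSubject();
        String userId = userIdByGoogleSub.computeIfAbsent(googleSub, sub -> createUser(sub, payload));
        String sessionId = sessions.create(userId);
        // HttpOnly keeps the id away from page scripts; Secure keeps it off plain HTTP.
        NewCookie cookie = new NewCookie("session", sessionId, "/", null, null,
                (int) cookieMaxAge.getSeconds(), true, true);
        return Response.ok("signed in").cookie(cookie).build();
    }

    private static String createUser(String googleSub, GoogleIdToken.Payload payload) {
        String userId = UUID.randomUUID().toString();
        // Only trust the email claim when Google marks it verified; email is optional for accounts anyway.
        boolean emailVerified = Boolean.TRUE.equals(payload.getEmailVerified());
        String email = emailVerified ? payload.getEmail() : null;
        System.out.println("new user " + userId + " for Google sub " + googleSub + ", email=" + email);
        return userId;
    }
}
```

Register the resource with `environment.jersey().register(...)` in the Dropwizard application, passing the OAuth client id from configuration. Every failure path returns before a session is created, so an unverifiable token never results in a cookie.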

robobario commented 8 years ago

https://www.owasp.org/index.php/Hashing_Java

For password hashing look at this; save the hash plus a large random salt.

mtokumaru commented 8 years ago

I wonder if we should close this issue and create new ones for user profile and things like that?

robobario commented 8 years ago

Sure