secs-dev / itmo-dating

Dating Service for ITMO students.

Add authentication and authorization #17

Open vityaman opened 2 months ago

vityaman commented 2 months ago

We want to use JWT for token-based auth.

Also we need to think about theoretically supporting multiple login methods: Yandex ID, ITMO ID, Telegram (for bot).

References

Parent

Depends on

vityaman commented 2 months ago

@Kimiega, what do you think about using Yandex ID for authentication? It should be slightly more secure and more trusted by users than storing logins and passwords here.

vityaman commented 1 month ago

Do not forget to encrypt the JWT payload. I did not do this in LMS: https://github.com/vityaman-edu/lms/issues/133

The JWT payload should contain at least user_id and roles.

vityaman commented 1 month ago

Our JWT token must support RFC8725.
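A sketch of the verifier-side checks RFC 8725 asks for, applied to a token carrying `user_id` and `roles`; this is an added example, not code from the thread or the itmo-dating repository. The issuer, audience, `typ` value and key are hypothetical, HS256 is an assumed algorithm choice, and the payload here is signed but not encrypted (encryption would need a JWE library).

```python
import base64, hashlib, hmac, json, time

ALG = "HS256"                      # assumed choice; the only algorithm accepted
TYP = "itmo-dating-access+jwt"     # hypothetical explicit type (RFC 8725 3.11)
ISS = "itmo-dating-auth"           # hypothetical issuer
AUD = "itmo-dating-api"            # hypothetical audience
KEY = b"constructed-demo-key-use-32-random-bytes"  # constructed; keep real keys in a secret store

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> str:
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue(user_id, roles, ttl=900, key=KEY, header=None) -> str:
    now = int(time.time())
    claims = {"iss": ISS, "aud": AUD, "iat": now, "exp": now + ttl,
              "user_id": user_id, "roles": roles}
    head = header or {"alg": ALG, "typ": TYP}
    body = b64e(json.dumps(head).encode()) + "." + b64e(json.dumps(claims).encode())
    return body + "." + sign(body, key)

def verify(token: str, key: bytes = KEY) -> dict:
    try:
        head_b64, claims_b64, sig = token.split(".")
        header = json.loads(b64d(head_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # RFC 8725 3.1: the verifier pins the algorithm; the header never selects it,
    # so "none" and any algorithm-substitution attempt fail here.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise ValueError("unexpected alg")
    if header.get("typ") != TYP:   # 3.11: reject JWTs minted for another purpose
        raise ValueError("unexpected typ")
    # Check the signature in constant time before trusting any claim.
    expected = sign(head_b64 + "." + claims_b64, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))
    if claims.get("iss") != ISS or claims.get("aud") != AUD:  # 3.8 and 3.9
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= time.time():
        raise ValueError("expired")
    if not isinstance(claims.get("user_id"), int) or not isinstance(claims.get("roles"), list):
        raise ValueError("missing user_id or roles")
    return claims
```
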