Enable a user to start a session (login) #12

Closed
zephinzer opened this issue Dec 13, 2018 · 3 comments
Labels
chore Technical nice-to-haves enhancement New feature or request

@zephinzer

Method: POST
Path: /session

Task: A system should be able to log a user in by creating a session. For the basic version of this feature, we'll create a signed JWT and send it to the user. The JWT should contain either the user's UUID or some unique session token that can be linked back to them.

Things to consider:

  • Passing in of an expiration parameter
  • Recording of login time/IP address/user agent?
  • How do we retrieve the key used for signing so that other services may verify the JWT?
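
An added sketch, not part of the original issue and not the project's code, of the signed session JWT from the task and of the third consideration above: signing with Ed25519 means other services verify with the public key alone and never hold the signing key. The claim layout, the function names and the choice of EdDSA are assumptions; only the Go standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // assumed layout, not the project's schema
	Sub string `json:"sub"` // the user's UUID
	Exp int64  `json:"exp"` // expiry, Unix seconds
}
var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`))

// IssueSession signs a JWT for userUUID that expires ttl after now (the expiration parameter).
func IssueSession(priv ed25519.PrivateKey, userUUID string, now time.Time, ttl time.Duration) string {
	body, _ := json.Marshal(Claims{Sub: userUUID, Exp: now.Add(ttl).Unix()}) // cannot fail for this struct
	msg := header + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// VerifySession is what any other service runs; it holds only the public key.
func VerifySession(pub ed25519.PublicKey, token string, now time.Time) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != header { // exact header match pins the algorithm
		return nil, fmt.Errorf("malformed token or unexpected alg")
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("bad signature")
	}
	var c Claims
	if body, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(body, &c) != nil {
		return nil, fmt.Errorf("bad claims")
	}
	if now.Unix() >= c.Exp {
		return nil, fmt.Errorf("token expired")
	}
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	tok := IssueSession(priv, "11111111-2222-4333-8444-555555555555", time.Now(), time.Hour) // constructed UUID
	fmt.Println(VerifySession(pub, tok, time.Now()))
}
```

The signature is checked before the claims are parsed, so unauthenticated JSON never reaches the decoder, and the expiry is enforced by the verifier rather than trusted from the caller.
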
@zephinzer zephinzer added enhancement New feature or request chore Technical nice-to-haves labels Dec 13, 2018
@zephinzer zephinzer added this to the 0.1.0 milestone Dec 13, 2018
@zephinzer zephinzer changed the title Enable a user to login Enable a user to start a session (login) Dec 15, 2018
zephinzer added a commit that referenced this issue Dec 15, 2018
- also updated accounts table to update last_modified on any update
zephinzer added a commit that referenced this issue Dec 19, 2018
@zephinzer

Added fields for refresh token, access token, expiry date, IP address, source and device, but we will leave it up to an /auth endpoint to generate those so as to decouple the session maintenance from authentication.

@zephinzer

Will be separating the authentication from session creation to keep it decoupled so that we can offer more than one mechanism to log in. If we integrate it with POST /session, that means the username/password method will be coupled and we can't do, for example, an email-only login or a 2FA-based one in future. Defer the decision to the latest point possible!

zephinzer added a commit that referenced this issue Dec 19, 2018
* added migrations for Sessions module
  - also updated accounts table to update last_modified on any update
* first working commit
* finalised session module with validation checks and gofmt appeasing
* updated readme for Sessions
@zephinzer

merged into master
