-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable a user to start a session (login) #12
Comments
- also updated accounts table to update last_modified on any update
added fields for refresh token, access token, expiry date, ip address, source and device - but we will leave it up to an /auth endpoint to generate those so as to decouple the session maintenance from authentication |
will be separating the authentication from session creation to keep it decoupled so that we can offer more than one mechanism to login - if we integrate it with POST /session, that means the username/password method will be coupled and we can't do for example an email-only login or a 2fa based one in future, defer the decision to the latest point possible! |
merged into master |
Method:
POST
Path:
/session
Task: A system should be able to log a user in by creating a session. For the basic version of this feature, we'll create a signed JWT and send it to the user. The JWT should contain either the user's UUID or some unique session token that can be linked back to them.
Things to consider:
The text was updated successfully, but these errors were encountered: