Auth Flows with central server

hammy3502 edited this page Oct 26, 2021 · 3 revisions

NOTE: All requests should be sent as application/json.

Regular Authentication

  1. client/server sends central-server (at any endpoint) a username, a password, and the auth key set to "password".
  2. central-server will return a token inside of the token key. Note that this response does NOT include the requested data.
  3. client/server sends central-server (at any endpoint) the token retrieved in step 2 (hereafter called a perma-token) and the auth key set to "perma_token".
  4. central-server will return a different token (hereafter called a temporary-token) inside of the token key.
  5. The temporary-token can be used with the auth key set to "temp_token" to send and receive data.

Bad Username or Password

  1. client/server sends central-server (at any endpoint) a username, a password, and the auth key set to "password".
  2. central-server responds with an HTTP 401 code and a message key of "Unauthorized!"

Notes about Tokens

  • Perma-tokens are never automatically revoked; they can only be revoked manually, by those with the revoke_tokens permission. This is the ideal thing to save to disk (such as in a cookie): it isn't the user's actual username and password, yet it still acts as a permanent method of authentication.
  • Temporary tokens are automatically revoked after 24 hours, at which point they will fail to authenticate with the server.
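
The regular flow and the token lifetimes above, as an added client-side example (not code from the project): the password is sent once, the perma-token is exchanged for a temporary-token, and a rejected temporary-token triggers one re-exchange. The request field names username, password and token, the data/echo fields, a 401 for an expired temporary-token, and the FakeCentral stand-in are assumptions so the block runs offline.

```python
import secrets

class AuthError(Exception):
    """central-server answered 401."""

class CentralClient:
    """post(body) -> (status, json_dict) is the transport (hypothetical interface)."""
    def __init__(self, post, perma_token=None):
        self.post, self.perma, self.temp = post, perma_token, None

    def _token(self, body):
        status, resp = self.post(body)
        if status == 401:
            raise AuthError(resp.get("message", "Unauthorized!"))
        return resp["token"]  # the auth response carries a token, not the requested data

    def login(self, username, password):
        # Steps 1-2: send the password once; only the perma-token is kept afterwards.
        self.perma = self._token({"auth": "password", "username": username, "password": password})

    def request(self, payload):
        for _ in range(2):
            if self.temp is None:  # steps 3-4: exchange perma-token for a temporary-token
                self.temp = self._token({"auth": "perma_token", "token": self.perma})
            status, resp = self.post({**payload, "auth": "temp_token", "token": self.temp})  # step 5
            if status != 401:
                return resp
            self.temp = None  # rejected (assumed 401 once the 24 hours pass): re-exchange once
        raise AuthError("temporary-token rejected after refresh")

class FakeCentral:
    """Constructed stand-in for central-server, for offline runs only."""
    def __init__(self, users):
        self.users, self.perma, self.temp = users, set(), set()

    def _issue(self, store):
        tok = secrets.token_urlsafe(32)
        store.add(tok)
        return tok

    def __call__(self, body):
        auth, tok, user = body.get("auth"), body.get("token"), body.get("username")
        if auth == "password" and user in self.users and self.users[user] == body.get("password"):
            return 200, {"token": self._issue(self.perma)}
        if auth == "perma_token" and tok in self.perma:
            return 200, {"token": self._issue(self.temp)}
        if auth == "temp_token" and tok in self.temp:
            return 200, {"echo": body.get("data")}  # constructed response shape
        return 401, {"message": "Unauthorized!"}
```

Only the perma-token needs to persist between runs; because it stays valid until someone with revoke_tokens revokes it, store it with the same care as a password.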