Skip to content
This repository was archived by the owner on Mar 22, 2018. It is now read-only.
This repository was archived by the owner on Mar 22, 2018. It is now read-only.

Better system for logging in/session management. #10

Description

@brettatoms

Right now "logging in" basically means that a successful response is returned when a request is made with an Authorization header. In the web app we login in by retrieving and storing the user JSON record in the sessionStorage and sending the user/pwd in each successive request. We need a better system that:

  1. Removes all locks held by the user. (when we implement editing locks)
  2. Returns a session token so we don't have to store the user/pwd in the browser, that has an expiration date,
  3. Supports a /logout that revokes the session token.
  4. Creates an auth history table that stores session tokens and keeps a history of user logins and logouts.

If we could drop in an OAuth or OAuth2 implementation that would be best.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions