Authentication and Authorization Strategy
Users of the CTF portal sign up by providing an email address, a username and a password. The sign-up is completed only after the user verifies that email address; until then the account cannot be used. Once verification succeeds the user can log in by providing the username and password chosen at sign-up.
Authorization, i.e. restricting the APIs to authenticated users, is handled with JSON Web Tokens (JWT) carried in a cookie. After a user logs in, the server sets an HTTP-only cookie containing the user's signed authorization token; the token stores the id of the user. Whenever the user interacts with the portal and an API is called, the browser sends the cookie along with the request and an auth-middleware runs to authorize the user: it reads the token from the cookie, verifies the JWT's signature and expiry, and only then trusts the user id inside it. A request reaches the API only if this verification succeeds inside the auth-middleware; otherwise the middleware rejects it. The cookie should additionally be marked Secure and SameSite so that it is sent only over HTTPS and not attached to cross-site requests, and the token should carry an expiry so that a leaked cookie does not stay valid indefinitely.
JSON Web Token: this will help you understand JWT.
HTTP cookies: have a look at this documentation as well to get familiar with the concept of HTTP cookies.