UMTS at Teleco
fa680b24d1
JAYSON DERULO
|
1 mēnesi atpakaļ | |
|---|---|---|
| .. | ||
| README.md | 1 mēnesi atpakaļ | |
| clear_sessions.md | 1 mēnesi atpakaļ | |
| login.md | 1 mēnesi atpakaļ | |
| logout.md | 1 mēnesi atpakaļ | |
| status.md | 1 mēnesi atpakaļ | |
README.md
Authentication
How sessions work. Login to get a token, send it on every request, logout when done.
Not that hard see?
Pages
- Login
POST /auth/loginauthenticate and get a session token - Logout
POST /auth/logoutkill yourself - Status
GET /auth/statuscheck if your session is still alive and when it kills itself - Clear Sessions
POST /auth/clear-sessionsadminier: nuke all sessions for a specific user
How it works
- call
/auth/loginwith credentials using ur sign in methodick. - get a magic session token back
- send that token as
Authorization: Bearer <token>on every damn request after that - when youre done call
/auth/logoutto kill yourself - sessions expire after a configurable timeout if you dont use them
Sessions should optionally be able to persist across server restarts (server should only store a hash of the token in the database, never the raw token itself obviously). On restart it loads them hash brownies back.
Each user should have a max number of concurrent sessions (configurable). When you go over the limit the oldest session gets deported to hell automatically to make room for the new one.