@sethvincent
Last active November 23, 2016 04:26
township auth flow

Create user

  • client sends request to api server to create user with email and password
  • api server stores email and salted password hash

Log in

  • client sends request to api server to log in with email and password
  • api server checks email & password; if correct, it creates & signs a token and returns it to the client
  • client stores token (e.g. local storage if browser)

Authenticated requests

  • client makes requests for resources, and includes token in every request
  • api server validates token, and if successful, returns resource
    • if token is invalid, api server sends back error response

Log out

  • on logout, client deletes token from storage so it can no longer be used
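
The four steps above as a server-side sketch, added here as an example and not taken from township's own code. It assumes Node's built-in `crypto` module, scrypt for the salted hash, an HMAC-SHA256 signature over a JSON body, and an `exp` expiry claim; the function names, the in-memory `users` map and the sample account are hypothetical.

```javascript
const crypto = require('crypto')

// Assumptions: a random per-process signing secret and a 1 hour token lifetime.
const SECRET = crypto.randomBytes(32)
const TTL_MS = 60 * 60 * 1000
const users = new Map() // email -> { salt, hash }; stands in for the api server's database

const b64 = (buf) => Buffer.from(buf).toString('base64url')
const sign = (body) => crypto.createHmac('sha256', SECRET).update(body).digest()

// Create user: store a random salt and the scrypt hash, never the password itself.
function createUser (email, password) {
  if (users.has(email)) return false
  const salt = crypto.randomBytes(16)
  users.set(email, { salt, hash: crypto.scryptSync(password, salt, 32) })
  return true
}

// Log in: recompute the hash, compare in constant time, then issue a signed token.
function logIn (email, password, now = Date.now()) {
  const user = users.get(email)
  if (!user) return null
  const hash = crypto.scryptSync(password, user.salt, 32)
  if (!crypto.timingSafeEqual(hash, user.hash)) return null
  const body = b64(JSON.stringify({ email, exp: now + TTL_MS }))
  return body + '.' + b64(sign(body))
}

// Authenticated request: verify the signature before trusting any field, then the expiry.
function validateToken (token, now = Date.now()) {
  const [body, sig, ...rest] = String(token).split('.')
  if (!body || !sig || rest.length) return null
  const given = Buffer.from(sig, 'base64url')
  const expected = sign(body)
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString())
  return claims.exp > now ? claims : null
}

// Constructed sample run: valid login, wrong password, tampered body, expired token.
function demo () {
  createUser('ada@example.com', 'correct horse')
  const token = logIn('ada@example.com', 'correct horse')
  const tampered = b64(JSON.stringify({ email: 'root@example.com', exp: Date.now() + TTL_MS })) + '.' + token.split('.')[1]
  return {
    wrongPassword: logIn('ada@example.com', 'guess'),
    email: validateToken(token).email,
    tampered: validateToken(tampered),
    afterExpiry: validateToken(token, Date.now() + TTL_MS + 1)
  }
}
```

Logout in this flow only deletes the client's copy, so in the sketch the `exp` claim is what bounds how long a copied token stays valid on the server.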