Add authentication and authorization #17

Open
vityaman opened this issue Sep 21, 2024 · 3 comments
Labels
backend Task related to the backend enhancement New feature or request help wanted Extra attention is needed security Security issue

Comments

vityaman commented Sep 21, 2024

We want to use JWT for token based auth.

Also we need to think about theoretically supporting multiple login methods: Yandex ID, ITMO ID, Telegram (for bot).

@vityaman vityaman added enhancement New feature or request backend Task related to the backend labels Sep 21, 2024
@vityaman

@Kimiega, what do you think about using Yandex ID for authentication? It should be slightly more secure and trusted by users than storing logins and passwords here.

@vityaman vityaman added the help wanted Extra attention is needed label Sep 21, 2024

vityaman commented Sep 28, 2024

Do not forget to encrypt JWT payload. I did not this in LMS: vityaman-edu/lms#133

JWT Payload should be at least user_id, roles.

@vityaman

Our JWT token must support RFC8725.

@vityaman vityaman mentioned this issue Dec 13, 2024
12 tasks
@vityaman vityaman added the security Security issue label Jan 20, 2025
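
The verification checks that the RFC 8725 requirement in this thread implies for a token carrying `user_id` and `roles`, as an added example that is not code from this project or its contributors. The names `issue`, `verify`, `ISS`, `AUD` and the `at+jwt` type value are assumptions, and the sketch covers the signed (HS256) token only, not payload encryption.

```python
import base64, hashlib, hmac, json, time

ALG = "HS256"                        # pinned by the verifier, never read from the token
TYP = "at+jwt"                       # explicit token type (assumed value)
ISS = "https://auth.example.test"    # hypothetical issuer
AUD = "backend-api"                  # hypothetical audience

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key, user_id, roles, now=None, ttl=300, header=None):
    """Build a signed token; `header` can be overridden to craft test cases."""
    now = int(time.time()) if now is None else now
    header = header or {"alg": ALG, "typ": TYP}
    claims = {"iss": ISS, "aud": AUD, "exp": now + ttl,
              "user_id": user_id, "roles": roles}
    body = _enc(json.dumps(header).encode()) + "." + _enc(json.dumps(claims).encode())
    return body + "." + _enc(_mac(key, body))

def verify(key, token, now=None):
    """Return the claims or raise ValueError naming the failed check."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(_dec(h64)), _dec(s64)
    except ValueError as exc:        # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise ValueError("algorithm not allowed")   # also rejects "none"
    if header.get("typ") != TYP:
        raise ValueError("unexpected token type")
    if not hmac.compare_digest(_mac(key, f"{h64}.{p64}"), sig):
        raise ValueError("bad signature")
    claims = json.loads(_dec(p64))   # payload is parsed only after the MAC checks out
    if not isinstance(claims, dict) or claims.get("iss") != ISS or claims.get("aud") != AUD:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if not isinstance(claims.get("user_id"), int) or not isinstance(claims.get("roles"), list):
        raise ValueError("missing user_id or roles")
    return claims
```

The HMAC key should come from a cryptographically secure random source and be at least 32 bytes long.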