This repository has been archived by the owner on Sep 1, 2020. It is now read-only.

auth to-do list #1

Open
13 tasks
jameshadfield opened this issue Apr 11, 2019 · 3 comments


jameshadfield commented Apr 11, 2019

For prototype

  • JWT expiry
  • decode JWT in client to get username
  • a development flag to ignore authentication (!)
  • test JWT
  • set up protected S3 URL for data & access from server
  • remove delete token button on login page
  • changing password doesn't revoke JWTs, so a user is still authenticated
  • incorrect username/passwords remain filled in after failure
  • show spinner (e.g.) after clicking "login"

For real usage

  • login rate limiting & max retries
  • ability to revoke JWTs & client check JWT hasn't been revoked
  • store hashed passwords (server) -- see note in server/auth.js
  • user db or similar
@jameshadfield jameshadfield self-assigned this Apr 11, 2019

tsibley commented Apr 17, 2019

It might make more sense to delegate authentication to an external service instead of building it ourselves. There are several we could use, e.g. Auth0.

@jameshadfield

Could do. Passportjs and Auth0 work well together.

@jameshadfield jameshadfield removed their assignment Apr 27, 2019