Commit fed67277 authored by Victor Löfgren

Move JWT from overview to server

parent d15d3fcd
1 merge request: !159 Resolve "Documentation"
......@@ -26,13 +26,3 @@ The Node server will then send them back to the client.
The client can also communicate directly with the server via sockets.
These are suited for fast real time communication.
Thus they are used during an active presentation to sync things between different views such as current slide and timer.
### JSON Web Tokens (JWT)
We use JSON Web Tokens (JWT) for authentication, both for API and socket events.
A JWT is created on the server when a user logs in or connects to competition.
We store some information in JWT, which can be seen in the file `server/app/apis/auth.py`.
The JWT is also encrycpted using the secret key defined in `server/configmodule.py`.
(OBS. Change this key before running the server in production).
The client can read the contents of the JWT but cannot modify them because it doesn't have access to the secret key.
This is why the server can simply read the contents of the JWT be sure that the client is who it says it is.
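Review bot: With the "JSON Web Tokens (JWT)" section removed, the overview text visible in this hunk describes API and socket communication but no longer says how either channel is authenticated. Consider leaving a one-sentence pointer after the sockets paragraph to the server documentation where the section now lives, so a reader of the overview still learns that both API calls and socket events require a JWT.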
......@@ -30,6 +30,16 @@ What authorization to be done on the server is specified by the `@protect_route(
This decorator specifies who is allowed to access this route, which can either be users with specific roles, or people who have joined competitions with specific views.
If the route is not decorated everyone is allowed to access it, the only routes currently like that is logging in as a user and joining a competition, by necessity.
#### JSON Web Tokens (JWT)
We use JSON Web Tokens (JWT) for authentication, both for API and socket events.
A JWT is created on the server when a user logs in or connects to competition.
We store some information in the JWT, which can be seen in the file `server/app/apis/auth.py`.
The JWT is also encrycpted using the secret key defined in `server/configmodule.py`.
(OBS: Change this key before running the server in production).
The client can read the contents of the JWT but cannot modify them because it doesn't have access to the secret key.
This is why the server can simply read the contents of the JWT to be sure that the client is who it says it is.
### Parsing request
After the request is authorized the server will need to parse contents of the request.
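Review bot: The moved line "The JWT is also encrycpted using the secret key defined in `server/configmodule.py`" carries over a typo and a technical inaccuracy. Two lines later the text says the client can read the contents but cannot modify them, which describes a signed token, not an encrypted one. Suggest "The JWT is signed using the secret key defined in `server/configmodule.py`", plus a sentence saying that nothing confidential should be stored in the token, since the client can read it. The "(OBS: Change this key ...)" line suggests the file carries a default key; it would help to say how a deployment is expected to supply its own value (for example from an environment variable) rather than only telling the reader to change it. Minor: "connects to competition" is missing an article.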
......