Aya icon indicating copy to clipboard operation
Aya copied to clipboard
verified publisher icon ClarityCafe

User Authentication

Open sr229 opened this issue 6 years ago • 6 comments

We have the option to use two of the following:

  • an dApps Auth using your Ethereum wallet as your credentials, preferrably MetaMask.

  • classic SSO by a third party.

This should allow us to implement permissions for #2.

sr229 avatar Dec 22 '19 09:12 sr229

I reckon we should use Reddit OAuth for third party logins, seeing as we'll be dealing with some stuff from them anyway.

Ovyerus avatar Dec 22 '19 09:12 Ovyerus

the way I see it we might also add integration from them as well if our URL got posted there

sr229 avatar Dec 22 '19 10:12 sr229

What do you mean?

Ovyerus avatar Dec 22 '19 12:12 Ovyerus

@Ovyerus Redditbooru automatically checks if certain link exists on Reddit, if it does then it provides some metadata but I don't think we should do that.

sr229 avatar Dec 22 '19 14:12 sr229

Assigning @Ovyerus for this. We can use the OAuth spec for this so you can bother around by supporting Reddit first. You can do Discord as well if it fancies you.

sr229 avatar Apr 26 '20 07:04 sr229

This would be our Login Flow:

  • User logs in via a supported OAuth provider (Reddit, Discord, etc.)
    • Generate JWT and check if user already exists via redditLink. - If we have a matching user via redditLink, then proceed with just Login, if not, redirect them to the checkpoint page where a reCaptcha page would validate them if its a robot. Once validated, perform a POST to /api/user/.

sr229 avatar Apr 26 '20 11:04 sr229