blocks
blocks copied to clipboard
Server-side user authentication
The servers need to be able to identify a logged-in user for future server-side features. In order not to send the whole session token to a third party server this will require:
- [ ] An endpoint for a user to get a session token scoped by server
- [ ] An endpoint for the severs to verify a scoped session token signature
- [ ] Implement support on the servers for this auth workflow and the storage of their session token and status
- [ ] Implement fetching a scoped token and sending it while while conecting to a server on the client.