kellykamay

Untitled

Mar 3rd, 2020
Authentication process

Step 1:
- Normal login page with username and password fields
- After the user enters a username and password, the token request is triggered and sends this data:
    the_data = {
        email: info.email,
        password: info.pass,
        browser: this.thebrowser,
        os: this.theos,
        remove: 'true',
        token_expiry: 63113852000 // in milliseconds
    }
  via websocket: this.socket.emit("request_login_token", the_data);

- The client then waits for the response; the response is the token itself
- Store the token, then close the socket
- The server sends an OTP to the user by email

Step 2:
- OTP page (the user enters the OTP)
- Verify the OTP and the token by sending data to the server again:
    the_data = {
        otp: this.otp,
        token: this.theToken,
        browser: this.theBrowser,
        os: this.theOs,
        remove: 'true'
    }
  via websocket again: this.socket.emit("confirm_token", the_data);

- The client then waits for the response
- If response code === "1104", all is good: save the token to localStorage and redirect the user to the pro dashboard
- If response code === "1101", both the token and the OTP are invalid
- If response code === "1102", the token is invalid
- If response code === "1103", the OTP is invalid
- Then close the socket

Step 3:
- Assuming the user logged out
- Login page (if a token exists in localStorage, the login page is different)
- After the user enters the password, the token verification process starts
- The data to be sent looks like this:
    the_data = {
        otp: '12345678', // fake OTP, as we don't need it
        token: this.validToken, // token stored in localStorage
        browser: navigator.userAgent,
        os: navigator.appVersion,
        remove: 'true'
    }
  via websocket: this.socket.emit("confirm_token", the_data);
- The client then waits for the response
- If response code === "1103", all is good: redirect to the pro dashboard
- If response code === "1105", the token has expired and the user needs to re-authenticate
- If response code === "1101", both the token and the OTP are invalid
- Then close the socket

TOKEN PAYLOAD example:
{
    "email": "kellykamay@gmail.com",
    "browser": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
    "os": "5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
    "ip": "::ffff:103.91.141.198",
    "nonce": "alQG6O/VbaC+g/GSHnUBztBhH2L5IWCL1UCPDaxFOT8=",
    "iat": 1583250274,
    "exp": 1583336674
}

Note: the nonce field is an encrypted unique key
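
The response-code handling from Steps 2 and 3, as an added JavaScript example that is not part of the original paste or the service's code. It models a server that checks the token and the OTP independently (an assumption) and shows why the placeholder OTP in Step 3 yields "1103" for a valid token; the `state` contents, token names, `flow` labels and action strings are hypothetical.

```javascript
// Added example: a model of the confirm_token decision, not the service's code.
// Assumption: the server validates token and OTP independently and reports
// the combination using the response codes listed in the paste.
const CODE = {
  BOTH_INVALID: "1101", TOKEN_INVALID: "1102", OTP_INVALID: "1103",
  OK: "1104", TOKEN_EXPIRED: "1105",
};

// Constructed server state (hypothetical values): issued tokens with their
// expiry in seconds, as in the payload's "exp" field, and OTPs awaiting use.
const state = {
  tokens: new Map([["tok-live", 1583336674], ["tok-old", 1583250274]]),
  pendingOtps: new Set(["48213977"]),
};

// Server side: map a confirm_token message to a response code.
function confirmToken(msg, nowSeconds, s = state) {
  const exp = s.tokens.get(msg.token);
  if (exp !== undefined && nowSeconds >= exp) return CODE.TOKEN_EXPIRED;
  const tokenOk = exp !== undefined;
  const otpOk = s.pendingOtps.has(msg.otp);
  if (!tokenOk && !otpOk) return CODE.BOTH_INVALID;
  if (!tokenOk) return CODE.TOKEN_INVALID;
  if (!otpOk) return CODE.OTP_INVALID;
  return CODE.OK;
}

// Client side: the same code means different things in Step 2 and Step 3.
// flow is "otp" (Step 2) or "relogin" (Step 3); codes the paste does not
// list for a flow are rejected here, which is an assumption of this example.
function clientAction(code, flow) {
  if (flow === "otp") {
    return code === CODE.OK ? "store-token-and-redirect" : "reject";
  }
  if (flow === "relogin") {
    if (code === CODE.OTP_INVALID) return "redirect"; // token valid, fake OTP failed
    if (code === CODE.TOKEN_EXPIRED) return "reauthenticate";
    return "reject";
  }
  throw new Error("unknown flow: " + flow);
}

const now = 1583300000; // constructed clock value between iat and exp
const relogin = confirmToken({ otp: "12345678", token: "tok-live" }, now);
console.log(relogin, clientAction(relogin, "relogin")); // 1103 redirect
```

Because "1103" is a failure in Step 2 and a success in Step 3, the client has to track which flow it is in before acting on the code.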