Frontend Authentication: Difference between revisions
Working documents
[[:Category:Working_documents - Frontend Authentication|Frontend Authentication]]
Revision as of 23:48, 12 January 2023
Token management
- The application stores tokens in local storage, so token details remain when the tab (or browser?) is closed.
- Tokens auto-refresh whenever a request requiring authorization is sent to the backend.
- As long as a request is made within the expiry time of the refresh token (default 30 days), the user does not need to sign in again.
Sign in flow
- The frontend checks for a local storage copy of the tokens; if they exist, it considers the user signed in.
- When local storage tokens are detected and user details are not already stored in the session, the frontend requests the user details from the backend.
- Routes that do and do not require sign-in both see the tokens and render their pages as if signed in.
- If tokens are not present, routes that do not require sign-in render the page as if not signed in.
- If tokens are not present, routes that require sign-in redirect to the Cognito sign-in page.
Token usage
- Tokens are only sent to the backend when a request goes to a protected endpoint.
- When sending a backend request, if the local storage tokens have expired, use the refresh token to generate new id/access tokens before sending the request.
- If the refresh token is no longer valid, remove the local storage tokens and begin the sign-in process.
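The token management, sign-in flow and token usage rules above, put together as an added JavaScript example. This is not the project's own code: the storage key, the token field names, the shape of the refresh callback and the route outcome names are assumptions, and storage and the refresh call are injectable so the walkthrough runs under Node with an in-memory stand-in for window.localStorage and no real Cognito. The refresh callback is synchronous here for readability; a real one would await a network call.

```javascript
// Added example (not from the wiki page): local-storage token handling,
// refresh-before-request and route decisions as described above.
const TOKEN_KEY = 'auth.tokens';   // assumed localStorage key
const CLOCK_SKEW_SECONDS = 30;     // treat a token expiring this soon as expired

function base64UrlDecode(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}
function base64UrlEncode(s) {
  return Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Read only the exp claim; the frontend never verifies signatures (the backend does).
function tokenExpiry(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) return 0;
  try {
    const exp = JSON.parse(base64UrlDecode(parts[1])).exp;
    return Number.isInteger(exp) ? exp : 0;
  } catch {
    return 0;
  }
}

class TokenStore {
  // storage: anything with getItem/setItem/removeItem (window.localStorage in the browser)
  // refresh: (refreshToken) => { idToken, accessToken }, throws when the refresh token is rejected
  constructor(storage, refresh, now = () => Math.floor(Date.now() / 1000)) {
    this.storage = storage; this.refresh = refresh; this.now = now;
  }
  load() { const raw = this.storage.getItem(TOKEN_KEY); return raw ? JSON.parse(raw) : null; }
  save(tokens) { this.storage.setItem(TOKEN_KEY, JSON.stringify(tokens)); }
  clear() { this.storage.removeItem(TOKEN_KEY); }
  hasTokens() { return this.load() !== null; }

  // Return a usable access token, refreshing first if the stored one has expired.
  // Return null (and wipe storage) when the refresh token is no longer valid.
  accessToken() {
    const tokens = this.load();
    if (!tokens) return null;
    if (tokenExpiry(tokens.accessToken) > this.now() + CLOCK_SKEW_SECONDS) return tokens.accessToken;
    try {
      const fresh = this.refresh(tokens.refreshToken);
      this.save({ ...tokens, ...fresh });
      return fresh.accessToken;
    } catch {
      this.clear();
      return null;
    }
  }
}

// Sign-in flow: the outcome a route takes, decided purely by token presence.
function resolveRoute(requiresSignIn, store) {
  if (store.hasTokens()) return 'render-signed-in';
  return requiresSignIn ? 'redirect-to-cognito' : 'render-anonymous';
}

// Token usage: tokens go only to protected endpoints, after the expiry check.
function protectedRequest(store, send, url) {
  const access = store.accessToken();
  if (access === null) return { outcome: 'begin-sign-in' };
  return { outcome: 'sent', response: send(url, { Authorization: `Bearer ${access}` }) };
}

// ---- constructed fixtures: unsigned JWT-shaped strings and an in-memory storage ----
function fakeJwt(exp) {
  return `${base64UrlEncode('{"alg":"none"}')}.${base64UrlEncode(JSON.stringify({ exp }))}.sig`;
}
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Walk through: no tokens, fresh tokens, expired access token with a valid
// refresh token, and a refresh token the backend rejects.
function walkthrough() {
  const NOW = 1700000000;
  let refreshAccepted = true;
  const refresh = (rt) => {
    if (!refreshAccepted || rt !== 'rt-1') throw new Error('refresh token rejected');
    return { idToken: fakeJwt(NOW + 3600), accessToken: fakeJwt(NOW + 3600) };
  };
  const store = new TokenStore(new MemoryStorage(), refresh, () => NOW);
  const send = (url, headers) => ({ url, authorized: headers.Authorization.startsWith('Bearer ') });
  const steps = [];
  steps.push(resolveRoute(true, store));                         // no tokens: redirect to Cognito
  store.save({ idToken: fakeJwt(NOW + 600), accessToken: fakeJwt(NOW + 600), refreshToken: 'rt-1' });
  steps.push(resolveRoute(true, store));                         // tokens present: signed in
  steps.push(protectedRequest(store, send, '/api/me').outcome);  // fresh token: sent, no refresh
  store.save({ ...store.load(), accessToken: fakeJwt(NOW - 1) });
  steps.push(protectedRequest(store, send, '/api/me').outcome);  // expired: refreshed, then sent
  steps.push(tokenExpiry(store.load().accessToken) === NOW + 3600);
  refreshAccepted = false;
  store.save({ ...store.load(), accessToken: fakeJwt(NOW - 1) });
  steps.push(protectedRequest(store, send, '/api/me').outcome);  // refresh rejected: begin sign-in
  steps.push(store.hasTokens());                                 // storage wiped
  return steps;
}
```

Two points for whoever maintains this: the expiry check reads the exp claim without verification, which is fine for deciding when to refresh but must never be treated as validation (the backend validates every token it receives); and anything kept in localStorage is readable by any script running on the origin, so the 30-day refresh token inherits the page's full XSS exposure, which is the main risk to weigh against the convenience of surviving a closed tab.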
Cognito cookie session
- When the Cognito UI is used to sign in, a cookie is saved for the Cognito domain that remembers the sign-in for 1 hour.
- If the frontend returns to the sign-in page, Cognito detects the cookie and redirects back to the frontend as if the user had signed in, without the need to sign in again.
- If the frontend browser has tokens in local storage there is no redirection to the Cognito UI, so the Cognito cookie process is not triggered.
- If tokens do not exist, e.g. in a new tab or after restarting the browser, visiting a sign-in route redirects to Cognito, which detects the cookie and returns to the frontend without needing to sign in.