Architecture
Authentication
The authentication process.
Overview
Authentication encompasses the following processes:
- Forgot password - See the /app/forgot-password endpoint for more information
- Reset password - See the /app/reset-password endpoint for more information
- Sign-up - See the /app/signup endpoint for more information
- Sign-up activation - See the /app/signup endpoint for more information
- Log in - See the /app/login endpoint for more information
Pages related to these authentication processes should only be accessible when the API responses include the header X-Session-Status: auth.
HTTP/1.1 200 OK
...
X-Session-Status: auth
...
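A route guard that applies this rule on the client, as an added example rather than Backstack's own code. The page paths in AUTH_PAGES and the FALLBACK route are assumptions, and a missing or unexpected header value is treated as not allowed.

```javascript
// Added example. AUTH_PAGES and FALLBACK are assumed names and paths,
// not part of the Backstack API.
const AUTH_PAGES = new Set(['/login', '/signup', '/forgot-password', '/reset-password']);
const FALLBACK = '/';

// Reduce a requested location to a bare path so that '/login/?next=x'
// is recognised as the same page as '/login'.
function normalizePath(location) {
  const { pathname } = new URL(location, 'https://app.invalid');
  const trimmed = pathname.replace(/\/+$/, '');
  return trimmed === '' ? '/' : trimmed;
}

// Headers.get() matches the header name case-insensitively and joins
// repeated headers with ', ', so a duplicated header never equals 'auth'.
function isAuthStatus(headers) {
  return headers.get('x-session-status') === 'auth';
}

// Decide whether the requested page may be shown, given the headers of the
// most recent API response. Fails closed: auth pages need an exact match.
function guardRoute(location, headers) {
  const path = normalizePath(location);
  if (!AUTH_PAGES.has(path)) return { allow: true, path };
  if (isAuthStatus(headers)) return { allow: true, path };
  return { allow: false, path: FALLBACK };
}

// Constructed sample responses.
const authResponse = new Headers({ 'X-Session-Status': 'auth' });
const bareResponse = new Headers();
console.log(guardRoute('/login', authResponse));
console.log(guardRoute('/reset-password/?token=abc', bareResponse));
```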
Authentication flow
TODO
Optional auth server
Backstack offers an optional auth server that can be used to authenticate your application users. It handles the login and registration process, along with password resetting.
To use it, create a link from your site and include your app ID in the query.
https://auth.backstack.com?app_id=your-app-id
Once authenticated, the user is redirected to your configured callback page where you can request the authenticated JWT to initiate the session.
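// Get JWT id from the incoming GET request.
const jwtId = request.headers.get('jwt_id')
// Request the JWT.
const result = await fetch(`https://api.backstack.com/auth-server/fetch-jwt`, {
  headers: {
    'x-fetch-jwt': jwtId,
  },
})
// Stop if the exchange failed, so an error body is never stored as a token.
if (!result.ok) {
  throw new Error(`fetch-jwt failed with status ${result.status}`)
}
// fetch() resolves to a Response, so the body must be parsed before use.
// Assumption: the JSON body carries the token in a `jwt` field.
const data = await result.json()
// Store the JWT for future API requests.
// If the cookie helper supports them, set the Secure and SameSite attributes
// (and HttpOnly when the cookie is set server-side).
cookies.set('jwt', data.jwt)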
Related information
- Requests - Performing API requests.
- Responses - Handling responses from the API.
- Sessions - Managing the current session.
- Form validation - How Backstack handles form validation.
- Errors - Understanding the API error feedback.