Architecture

Authentication

The authentication process.


Overview

Authentication encompasses the following processes:

Pages related to these authentication processes should only be accessible when the API responses include the header X-Session-Status: auth.

HTTP/1.1 200 OK
...
X-Session-Status: auth
...
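
One way to enforce this rule in a client-side route guard, shown as an added example that is not Backstack's own code. The page paths and the non-auth sample value are assumptions made for illustration; the guard fails closed when the header is missing or repeated.

```javascript
// Hypothetical paths for the authentication pages (login, registration, password reset).
const AUTH_PAGES = ['/login', '/register', '/reset-password'];

// Return the single X-Session-Status value of a response, or null when the
// header is absent, empty, or present more than once.
function sessionStatus(response) {
  const raw = response.headers.get('x-session-status'); // header names are case-insensitive
  if (raw === null) return null;
  // The Fetch Headers API joins repeated headers with ", "; treat that as ambiguous.
  if (raw.includes(',')) return null;
  const value = raw.trim();
  return value === '' ? null : value;
}

function isAuthPage(pathname) {
  return AUTH_PAGES.some((p) => pathname === p || pathname.startsWith(p + '/'));
}

// Decide whether an authentication page may be shown, given the latest API response.
// Returns 'allow', 'deny', or 'not-applicable' (the rule only covers auth pages).
function guard(pathname, response) {
  if (!isAuthPage(pathname)) return 'not-applicable';
  // Exact match only: any other value, or no usable value, denies access.
  return sessionStatus(response) === 'auth' ? 'allow' : 'deny';
}

// Build a constructed sample response carrying the given X-Session-Status values.
function sampleResponse(values) {
  const headers = new Headers();
  for (const v of values) headers.append('X-Session-Status', v);
  return { headers };
}

// Constructed samples; 'some-other-status' is a placeholder, not a documented value.
const samples = [
  ['/login', ['auth']],
  ['/login', []],
  ['/register', ['some-other-status']],
  ['/reset-password/confirm', ['auth', 'some-other-status']],
  ['/dashboard', ['auth']],
];
for (const [path, values] of samples) {
  console.log(path, JSON.stringify(values), '->', guard(path, sampleResponse(values)));
}
```
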

Authentication flow

TODO


Optional auth server

Backstack offers an optional auth server that can be used to authenticate your application users. It handles login and registration, along with password resets.

To use it, link to the auth server from your site and include your app ID in the query string.

https://auth.backstack.com?app_id=your-app-id

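Once authenticated, the user is redirected to your configured callback page, where you can request the authenticated JWT to initiate the session.

// Get JWT id from the incoming GET request.
const jwtId = request.headers.get('jwt_id')

// Request the JWT.
const response = await fetch('https://api.backstack.com/auth-server/fetch-jwt', {
    headers: {
        'x-fetch-jwt': jwtId,
    },
})

// fetch() only rejects on network errors, so check the HTTP status as well.
if (!response.ok) {
    throw new Error(`fetch-jwt failed with HTTP ${response.status}`)
}

// fetch() returns a Response object; parse the JSON body before reading fields.
const result = await response.json()

// Store the JWT for future API requests.
cookies.set('jwt', result.data.jwt)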
