Authentication

The authentication process.

Overview

Authentication encompasses the following processes:

• Forgot password - See the /app/forgot-password endpoint for more information
• Reset password - See the /app/reset-password endpoint for more information
• Sign-up - See the /app/signup endpoint for more information
• Sign-up activation - See the /app/signup endpoint for more information
• Log in - See the /app/login endpoint for more information

Pages related to these authentication processes should only be accessible when the API responses include the header X-Session-Status: auth.

HTTP/1.1 200 OK
...
X-Session-Status: auth
...

Authentication flow

TODO

Optional auth server

Backstack offers an optional auth server that can be used to authenticate your application users. It handles the login and registration process, along with password resetting.

To use it, create a link from your site and include your app ID in the query.

https://auth.backstack.com?app_id=your-app-id

Once authenticated, the user is redirected to your configured callback page where you can request the authenticated JWT to initiate the session.

// Get JWT id from the incoming GET request.
const jwtId = request.headers.get('jwt_id')

// Request the JWT.
const result = await fetch(`https://api.backstack.com/auth-server/fetch-jwt`, {
        headers: {
            'x-fetch-jwt': jwtId,
        }
    }
)

// Store the JWT for future API requests.
cookies.set('jwt', result.data.jwt)

Related information

• Requests - Performing API requests.
• Responses - Handling responses from the API.
• Sessions - Managing the current session.
• Form validation - How Backstack handles form validation.
• Errors - Understanding the API error feedback.