This repository was archived by the owner on Sep 1, 2020. It is now read-only.

auth to-do list #1

@jameshadfield

For prototype

  • JWT expiry
  • decode JWT in client to get username
  • a development flag to ignore authentication (!)
  • test JWT
  • set up protected S3 URL for data & access from server
  • remove delete token button on login page
  • changing password doesn't revoke JWTs, so a user is still authenticated
  • incorrect username/passwords remain filled in after failure
  • show spinner (e.g.) after clicking "login"

For real usage

  • login rate limiting & max retries
  • ability to revoke JWTs & client check JWT hasn't been revoked
  • store hashed passwords (server) -- see note in server/auth.js
  • user db or similar
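
An added example, not part of the original issue or the repository's code: one way to cover the "JWT expiry" item and the gap where changing a password leaves old JWTs valid, by putting `iat`/`exp` in the token and rejecting tokens issued before the user's last password change. The secret, the in-memory user store and all function names are assumptions made for illustration.

```javascript
// Added example: HS256 JWT with expiry, revoked implicitly on password change.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret"; // assumption: real key comes from config
const b64url = (s) => Buffer.from(s).toString("base64url");
const sign = (data) =>
  crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

// Issue a token carrying iat (issued-at) and exp (expiry), both in seconds.
function issueToken(username, nowSec, ttlSec) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { sub: username, iat: nowSec, exp: nowSec + ttlSec };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Hypothetical user store: passwordChangedAt is bumped on every password change.
const users = new Map([["alice", { passwordChangedAt: 1000 }]]);

function changePassword(username, nowSec) {
  users.get(username).passwordChangedAt = nowSec; // older tokens now fail
}

// Returns { ok: true, username } or { ok: false, reason }.
function verifyToken(token, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  // The header's alg is never consulted: the server always uses HMAC-SHA256.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  const user = users.get(claims.sub);
  if (!user) return { ok: false, reason: "unknown user" };
  // Tokens issued before the last password change are treated as revoked.
  if (typeof claims.iat !== "number" || claims.iat < user.passwordChangedAt) {
    return { ok: false, reason: "revoked" };
  }
  return { ok: true, username: claims.sub };
}
```

This check only runs on the server; a client that merely decodes the JWT to read the username cannot tell that the token has been revoked.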
