diff --git a/docs/authentication.md b/docs/authentication.md index ea55b315f..4446cf0ab 100644 --- a/docs/authentication.md +++ b/docs/authentication.md 
@@ -1,18 +1,16 @@ # Authentication -The backend authenticates requests using signed cookies so they can contain user information so that it does not have to be fetched for every request. +The backend authenticates requests using signed cookies which contains user's id so that it does not have to be fetched for every request. -The cookie contains the user's id. +Cookies are sent [`secure` and `HttpOnly`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies) when users register their account, or when they log in using username and password. -Cookies are sent [`secure` and `HttpOnly`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies) when users register their account, or when they login using username and password. +Cookies expire after 30 minutes and the client is responsible for renewing cookies by calling the `GET /me/cookie` endpoint before they expire. -Cookies expire after 30 minutes and the client is responsible to renew cookies by calling the `GET /me/cookie` endpoint before they expire. - -When renewing cookies the server will re-check if the user still exists and if they haven't changed their password. For this a hash of the user's password hash, email, username, and id will be generated and included in the cookie. If any of these properties changes, the cookie cannot be renewed and the user has to log-in again. +When renewing cookies, the server will re-check if the user still exists and if they haven't changed their password. For this a hash of the user's password hash, email, username, and id will be generated and included in the cookie. If any of these properties changes, the cookie cannot be renewed and the user has to log-in again. ## Admin permissions -Admin permission are granted via the `isAdmin` flag on the `UserAccount`. +Admin permission are granted via the `isAdmin` flag on the `UserAccount` model. ## Configuration
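Review bot: Grammar in the rewritten first paragraph: "signed cookies which contains user's id" should read "signed cookies which contain the user's id" (plural verb, missing article). Since the hunk also deletes the standalone sentence "The cookie contains the user's id.", the fact now survives only in that clause, so it is worth getting right. Two smaller points in the same hunk: the "Admin permissions" line is touched but still says "Admin permission are granted" (should be "Admin permissions are granted"), and the renewal paragraph states that the existence and password checks happen only "when renewing cookies" while cookies live for 30 minutes, which implies a deleted account or changed password remains usable until the current cookie expires; consider stating that window explicitly so readers do not assume revocation is immediate.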