Changes between Version 1 and Version 2 of Reduce_usage_of_authenticator

Timestamp:

Nov 8, 2020, 3:03:09 PM (4 years ago)

Author:

Kevin Reed

Comment:

--

Reduce_usage_of_authenticator

@@ -44 +44 @@
 * Modify the web rpcs to use the access tokens instead of the authenticator
 
-The implementation details of this will be described more fully in a separate document.
-
 == Website Session Cookies (Scenario #3) ==
 The “auth” cookie, which currently contains the authenticator, will instead use a “web session token” (see below) for its value.  The expiration time for the token will be extended after each access to the web page.
@@ -51 +49 @@
 If the user checks the “remember me” checkbox, then an additional token “rememberme” will be created that stores a “Remember me token”.  If the user accesses a project website and they do not have a valid “auth” cookie (i.e. a valid web session token), then the site will check to see if they have a valid “rememberme” cookie/token.  If they do, then the website create a new web session token and set the “auth” cookie as well as it will replace the “rememberme” cookie/token with a new “Remember me token” and then delete the one that was just used.
 
+= Implementation Details =
+Please see [wiki:Reduce_usage_of_authenticator_implementation Reduce usage of authenticator implementation] for details about the proposed implementation.  Note that most of the implementation describes the implementation for OAuth (scenario 2) as the implementations for scenario #1 and #3 are relatively straightforward but should still reuse the existing token code and make sure they take the OAuth implementation in mind when the work is done for those two.
+