Changes between Version 1 and Version 2 of Reduce_usage_of_authenticator

Nov 8, 2020, 3:03:09 PM (6 months ago)
Kevin Reed



  • Reduce_usage_of_authenticator

    v1 v2  
    4444* Modify the web rpcs to use the access tokens instead of the authenticator
    46 The implementation details of this will be described more fully in a separate document.
    4846== Website Session Cookies (Scenario #3) ==
    4947The “auth” cookie, which currently contains the authenticator, will instead use a “web session token” (see below) for its value.  The expiration time for the token will be extended after each access to the web page.
    5149If the user checks the “remember me” checkbox, then an additional token “rememberme” will be created that stores a “Remember me token”.  If the user accesses a project website and they do not have a valid “auth” cookie (i.e. a valid web session token), then the site will check to see if they have a valid “rememberme” cookie/token.  If they do, then the website create a new web session token and set the “auth” cookie as well as it will replace the “rememberme” cookie/token with a new “Remember me token” and then delete the one that was just used.
     51= Implementation Details =
     52Please see [wiki:Reduce_usage_of_authenticator_implementation Reduce usage of authenticator implementation] for details about the proposed implementation.  Note that most of the implementation describes the implementation for OAuth (scenario 2) as the implementations for scenario #1 and #3 are relatively straightforward but should still reuse the existing token code and make sure they take the OAuth implementation in mind when the work is done for those two.