Authentication: Session lifecycle #41

valeriansaliou · 2022-06-17T16:45:49Z

Improve login (to its final state)
- Description: The login form could not be implemented to 100% state due to missing server feature.
- ⚠️ Concerns:
  1. We need to implement a way for tokens to be generated by the server (pretty much like most modern REST APIs work). A token should be revocable from any connected application, eg. if the user lost their device. Not sure a XEP exists for that, in any case we may need to create a Prosody module as well;
  2. Find a clean way to protect account credentials (JID + password) w/ an additional TOTP token (there should be a XEP for that, we also need to look for a Prosody module);
Connect using session tokens
- Description: Re-using the session tokens generated by the server (not possible ATM, see concerns above).
Ability to logout and destroy session tokens
- Description: Ability for the user to remove an account from the Prose app, which would need to destroy the session tokens from the server (not possible ATM, see concerns above).

valeriansaliou added the enhancement Improvement request label Jun 17, 2022

valeriansaliou moved this to Todo in Prose App MVP Jun 17, 2022

valeriansaliou added this to the MVP milestone Jun 17, 2022

RemiBardon moved this from Todo to Stale in Prose App MVP Jun 24, 2022

Provide feedback