linstrom/authentication-flow.md

# Plan for how authentication will work

## Frontend auth

### Registration

1. Send username to registration endpoint
2. Get webauthn options
3. Perform webauthn check (selecting and confirming passkey)
4. Server verifies response
5. Minimal account ready for login

### Login

1. Send username to login endpoint
2. Error out if user doesn't exist
3. Get webauthn options from response
4. Get passkey response
5. Send response to Server
6. Server checks and replies with session token
7. Frontend uses session token for authorisation of all requests afterwards

## api

1. Generate API token via frontend
2. Use api token for authorisation
progress server is launchable and passkey support works 2024-09-27 14:53:22 +00:00			`# Plan for how authentication will work`

			`## Frontend auth`

			`### Registration`

			`1. Send username to registration endpoint`
			`2. Get webauthn options`
			`3. Perform webauthn check (selecting and confirming passkey)`
			`4. Server verifies response`
			`5. Minimal account ready for login`

			`### Login`

			`1. Send username to login endpoint`
			`2. Error out if user doesn't exist`
			`3. Get webauthn options from response`
			`4. Get passkey response`
			`5. Send response to Server`
			`6. Server checks and replies with session token`
			`7. Frontend uses session token for authorisation of all requests afterwards`

			`## api`

			`1. Generate API token via frontend`
			`2. Use api token for authorisation`