linstrom/authentication-flow.md

# Plan for how authentication will work

## Frontend auth

### Registration

1. Send username to registration endpoint
2. Get webauthn options
3. Perform webauthn check (selecting and confirming passkey)
4. Server verifies response
5. Minimal account ready for login

### Login

1. Send username to login endpoint
2. Error out if user doesn't exist
3. Get webauthn options from response
4. Get passkey response
5. Send response to Server
6. Server checks and gives ok or fail.
   Ok also sets a server only cookie with an access token

## api

1. Generate API token via frontend
2. Use api token for authorisation
progress server is launchable and passkey support works 2024-09-27 14:53:22 +00:00			`# Plan for how authentication will work`

			`## Frontend auth`

			`### Registration`

			`1. Send username to registration endpoint`
			`2. Get webauthn options`
			`3. Perform webauthn check (selecting and confirming passkey)`
			`4. Server verifies response`
			`5. Minimal account ready for login`

			`### Login`

			`1. Send username to login endpoint`
			`2. Error out if user doesn't exist`
			`3. Get webauthn options from response`
			`4. Get passkey response`
			`5. Send response to Server`
Serverside stuff. Mostly shuffling things around 2024-10-26 09:42:51 +00:00			`6. Server checks and gives ok or fail.`
			`Ok also sets a server only cookie with an access token`
progress server is launchable and passkey support works 2024-09-27 14:53:22 +00:00
			`## api`

			`1. Generate API token via frontend`
			`2. Use api token for authorisation`