# Authentication / security

Work in progress

This document is still under development.

Out of scope: user management (changing and resetting passwords, etc.) does not belong here.

# Technical

  • Authentication should work well with mobile and also from third-party apps / outside of the main site.
  • Authentication should be implemented with tokens (for native apps) + http-only session cookies (for internal apps).
  • Prio 3: We should check all new passwords against the Pwned Passwords database. (There probably is a Django solution available already.)
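For the Pwned Passwords check above, the lookup is done with the k-anonymity range API: only the first five hex characters of the password's SHA-1 leave the server, and the matching suffix is searched in the returned range. The code below is an added illustration, not Slipmat's code; `fetch_range` is a hypothetical stand-in for an HTTP GET of `https://api.pwnedpasswords.com/range/<prefix>`, and the sample response body and its count are constructed.

```python
"""Pwned Passwords k-anonymity check (constructed example, not project code)."""
import hashlib
from typing import Callable


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Return (first 5 hex chars, remaining 35 hex chars) of the upper-case SHA-1.
    Only the prefix is ever sent to the range API."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(suffix: str, body: str) -> int:
    """Parse a range response ("SUFFIX:COUNT" per line) and return the breach
    count for our suffix, or 0 when the suffix is absent from the range."""
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        hash_suffix, _, count = line.partition(":")
        if hash_suffix.upper() == suffix:
            return int(count)
    return 0


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Breach count for `password`; 0 means not found. `fetch_range(prefix)` is
    a hypothetical transport hook that returns the API's text body."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range_response(suffix, fetch_range(prefix))


# Constructed sample response for prefix 5BAA6 (SHA-1 of "password" starts
# with it). Counts are made up for the example, not real API data.
SAMPLE_RANGE_BODY = """\
1D2D56C2D6F6A7F77EAB3B5E07C1B0D31DD:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
1F0A2B7C9D8E7F6A5B4C3D2E1F0A9B8C7D6:1
"""


def fake_fetch_range(prefix: str) -> str:
    """Offline stand-in for the HTTP call; unknown prefixes return an empty range."""
    return SAMPLE_RANGE_BODY if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", pwned_count(candidate, fake_fetch_range))
```

In a Django project the same logic would live in a password validator's `validate()` and raise `ValidationError` when the count is non-zero; the range response should also be cached per prefix so a busy signup page does not hit the API on every attempt.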

# User Stories

# User

  • DONE: As a user I should be able to login using email / password.
  • DONE: As a user I should be able to log out easily.
  • Prio 2: As a user I should be able to login with my Facebook account.
  • Prio 2: As a user I should be able to login with my Google account.
  • Prio 2: As a user I should be able to login with Apple ID.
  • Prio 3: As a user I should be notified (by email) when I log in with a previously unseen device.
  • Prio 3: As a user I should be able to protect my account with 2FA.

# Admin

  • As an admin user I should be able to disable a user (prevent them from logging in).
  • Prio 2: As an admin user I should be able to log a user out.

# Third-party Developer

  • Prio 2: As a developer I should be able to implement Slipmat login using the API + tokens.
  • Prio 3: As a developer I should be able to use Slipmat logins on a third-party site.

Last Updated: 9/20/2020, 11:59:09 AM