Authentication Flow Diagram - AvengerDisassemble/KU-connect GitHub Wiki

Registration

Job Seeker

For a student or an alumnus who has a KU account

  1. A student enters the account registration page.
  2. The student selects the "register as a job seeker with a KU account" option.
  3. The student is redirected to Google OAuth.
  4. The student enters the email and password and presses enter.
  5. The student is led to a profile creation section handled by KU-Connect (not all information should be required to fill out at first).
  6. The student finishes entering their information and presses next. The system creates a verified student account.
  7. The student is redirected to the job browsing page, logged into their account.

For an alumnus who doesn't have a KU account

  1. An alumnus enters the account registration page.
  2. The alumnus selects "register as a job seeker without a KU account."
  3. The alumnus is asked to enter their name and surname, and to create a username and a password. The system will not let the user progress if the username is already taken. The checker should validate the username automatically, as soon as the user finishes entering it in the textbox, and notify him/her.
  4. The alumnus finishes that and presses next.
  5. The alumnus is led to a profile creation section for them to create their display profile (not all information should be required to fill out at first).
  6. The alumnus is asked to provide proof of being a KU CPE/SKE student and their contact information. The proof must be a JPEG, PNG, or PDF file within a specific size limit. (This should be a required section of the profile creation page.)
  7. The alumnus finishes that and presses create.
  8. A new unverified user account is created. The alumnus is redirected to a browse job page and logged into their account.
  9. The admin is notified of the new unverified user to be verified by them.
  10. When the admin opens the verify account section, it shows the user's profile, contact information, the proof, and the options to approve or reject without having to give a reason.
  11. The admin performs a manual background check and approves or rejects the user.
  12. The alumnus is notified via email, and his/her account is unlocked.

Company

  1. The company HR enters the account registration page.
  2. The company HR selects "register as a company".
  3. The company HR is asked to enter the company name and create a password, and a username.
  4. The company HR finishes that and presses next.
  5. The company HR is led to a profile creation section for them to create their display profile (not all information should be required to fill out at first).
  6. The company HR is asked to provide proof that their company is legitimate, their contact information, and their company website (if any). The proof must be a JPEG, PNG, or PDF file within a specific size limit. (This should be a required section of the profile creation page.)
  7. The company HR finishes that and presses create.
  8. A new unverified user account is created. The company HR is redirected to a browse job page and logged into their account. However, they cannot post any job offer yet.
  9. The admin is notified of the new unverified user to be verified by them.
  10. When the admin opens the verify account section, it shows the user's profile, contact information, the proof, and the options to approve or reject without having to give a reason.
  11. The admin performs a manual background check and approves or rejects the user.
  12. The company HR is notified via email, and his/her account is unlocked.
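The two server-side checks that both the alumnus and the company registration steps above call for (rejecting a duplicated username as soon as the textbox is left, and accepting the proof only as a JPEG, PNG or PDF within a size limit) are shown below as an added example. This is not KU-Connect project code: the username rules, the 5 MB limit, the sample usernames and the sample uploads are all assumptions constructed for the example. The proof check inspects the leading bytes of the file rather than trusting the client-supplied extension, because the extension says nothing about what the admin will later open during the manual review.

```python
import os
import re
from typing import Optional, Set, Tuple

# Added example, not KU-Connect project code. The username rules, the 5 MB
# limit and the sample users below are assumptions standing in for the wiki's
# "duplicated username" check and "JPEG, PNG, or PDF within a specific size".

# 3 to 32 chars: lowercase letters, digits, '.', '_' or '-', alphanumeric first.
USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{2,31}$")

# Already-registered usernames, stored normalized; stands in for a DB query.
EXISTING_USERNAMES: Set[str] = {"somchai.k", "hr_acme"}


def normalize_username(raw: str) -> str:
    """Trim and case-fold so 'Somchai.K ' collides with 'somchai.k'."""
    return raw.strip().casefold()


def check_username(raw: str, taken: Set[str] = EXISTING_USERNAMES) -> Tuple[bool, str]:
    """Live check run when the user leaves the username textbox."""
    name = normalize_username(raw)
    if not USERNAME_RE.fullmatch(name):
        return False, "Use 3-32 lowercase letters, digits, '.', '_' or '-'."
    if name in taken:
        return False, "This username is already taken."
    return True, "Username is available."


MAX_PROOF_BYTES = 5 * 1024 * 1024  # assumed limit; the wiki only says "a specific size"

# Leading bytes that identify each allowed format. The file extension is
# client-controlled and says nothing about the actual content.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}
ALLOWED_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return 'jpeg', 'png' or 'pdf' from the magic bytes, else None."""
    for kind, sig in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def validate_proof(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept the proof only if size, extension and content all agree."""
    if not data:
        return False, "Proof file is empty."
    if len(data) > MAX_PROOF_BYTES:
        return False, "Proof file exceeds the %d MB limit." % (MAX_PROOF_BYTES // 2**20)
    ext = os.path.splitext(filename.lower())[1]
    claimed = ALLOWED_EXT.get(ext)
    if claimed is None:
        return False, "Only JPEG, PNG or PDF files are accepted."
    if sniff_type(data) != claimed:
        return False, "File content does not match its extension."
    return True, "Accepted %s proof (%d bytes)." % (claimed.upper(), len(data))


# Constructed sample uploads: a minimal PNG header, and an HTML page renamed .png.
SAMPLE_PNG = MAGIC["png"] + b"\x00" * 64
SAMPLE_HTML_AS_PNG = b"<!doctype html><html></html>"

if __name__ == "__main__":
    for candidate in ("Somchai.K", "new_user", "ab"):
        print(candidate, "->", check_username(candidate))
    print(validate_proof("proof.png", SAMPLE_PNG))
    print(validate_proof("proof.png", SAMPLE_HTML_AS_PNG))
```

Normalizing before the uniqueness lookup matters: without the case-fold and trim, "Somchai.K" would pass the check and create a second account that is visually indistinguishable from the existing one in the admin's verification queue.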

KU staff member

The staff accounts are registered by the admins.

Admin

The admin's account will be preregistered. Other admins can also add admin accounts.

Login

Job Seeker

A student with a KU account

  1. The student enters a login page.
  2. The student selects a "login with a KU account" option.
  3. The student is redirected to Google OAuth.
  4. The student finishes authentication, and Google sends an approval to KU-Connect.
  5. The student's browser is given an access token and a refresh token. The student is redirected to the page they were on before entering the login page.
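Steps 3 to 5 of this flow, the redirect out to Google and the redirect back to "the page they were on before", are sketched below as an added example; it is not KU-Connect project code. The client id and callback URL are placeholders, the session store is a dictionary, and the exchange of the authorization code for Google tokens is omitted because it needs the network. The two checks a practitioner would want are in place: the callback is accepted only with a `state` value this server issued, used once, and the remembered return page is accepted only as a same-site relative path, so the login cannot be used to bounce a user to another site.

```python
import secrets
from typing import Dict, Tuple
from urllib.parse import urlencode, urlsplit

# Added example, not KU-Connect project code. CLIENT_ID and REDIRECT_URI are
# placeholders; the authorization endpoint is Google's public one. Code
# exchange, PKCE and ID-token validation are out of scope here.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "PLACEHOLDER-CLIENT-ID.apps.googleusercontent.com"
REDIRECT_URI = "https://ku-connect.example/auth/google/callback"
DEFAULT_AFTER_LOGIN = "/jobs"

# state -> return path, kept server-side; stands in for a session store.
PENDING_LOGINS: Dict[str, str] = {}


def safe_return_path(candidate: str, default: str = DEFAULT_AFTER_LOGIN) -> str:
    """Only a same-site relative path may serve as 'the page the user was on'."""
    if not candidate:
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:      # absolute URL or protocol-relative //host
        return default
    if not candidate.startswith("/") or "\\" in candidate:  # browsers treat \ as /
        return default
    return candidate


def begin_google_login(return_to: str) -> Tuple[str, str]:
    """Step 3: build the redirect to Google, remembering where to come back to."""
    state = secrets.token_urlsafe(32)
    PENDING_LOGINS[state] = safe_return_path(return_to)
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid email",
        "state": state,
    }
    return state, GOOGLE_AUTH_ENDPOINT + "?" + urlencode(params)


def finish_google_login(callback_state: str) -> str:
    """Steps 4-5: the callback must carry a state we issued, consumed exactly once."""
    return_to = PENDING_LOGINS.pop(callback_state, None)
    if return_to is None:
        raise PermissionError("unknown or already-used OAuth state")
    # Here the authorization code would be exchanged with Google and the
    # KU-Connect access and refresh tokens issued (network call, omitted).
    return return_to


if __name__ == "__main__":
    state, url = begin_google_login("/jobs/42")
    print("redirect user to:", url)
    print("after callback, send user to:", finish_google_login(state))
```

Because the return path is stored server-side under the `state` key, the browser never carries the destination through Google and back, which is what keeps the "redirect to the previous page" step from becoming an open redirect.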

An alumnus without a KU account

  1. The alumnus enters a login page.
  2. The alumnus selects a "login with username" option.
  3. The alumnus enters his/her username and password. If the password or username is wrong, the system tells the user that the username or password is wrong.
  4. When the alumnus successfully authenticates, his/her browser is given an access token and a refresh token. The alumnus is redirected to the page they were on before entering the login page.

Company

  1. The company HR enters a login page.
  2. The company HR selects a "login with username" option.
  3. The company HR enters his/her username and password. If the password or username is wrong, the system tells the user that the username or password is wrong.
  4. When the company HR successfully authenticates, his/her browser is given an access token and a refresh token. The company HR is redirected to the page they were on before entering the login page.

KU staff member

  1. The KU staff member enters a login page.
  2. The KU staff member selects a "login with username" option.
  3. The KU staff member enters his/her username and password. If the password or username is wrong, the system tells the user that the username or password is wrong.
  4. When the KU staff member successfully authenticates, his/her browser is given an access token and a refresh token. The KU staff member is redirected to the page they were on before entering the login page.

Admin

  1. The admin enters a login page.
  2. The admin selects a "login with username" option.
  3. The admin enters his/her username and password. If the password or username is wrong, the system tells the user that the username or password is wrong.
  4. When the admin successfully authenticates, his/her browser is given an access token and a refresh token. The admin is redirected to the page they were on before entering the login page.
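The username/password login shared by alumni, company HR, KU staff and admins above (one generic "username or password is wrong" message, then an access token and a refresh token) is worked through below as an added example. It is not KU-Connect project code: the user table, the PBKDF2 parameters, the token format (an HMAC-signed JSON blob standing in for a JWT) and the lifetimes are assumptions. It also carries the "verified" flag from the registration flows into the access token, so that an unverified company account can log in and browse but is refused when it tries to post a job, as registration step 8 for companies requires.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

# Added example, not KU-Connect project code. The user table, the token
# format, the lifetimes and the PBKDF2 parameters are assumptions chosen to
# illustrate the wiki's login steps.
SIGNING_KEY = secrets.token_bytes(32)   # in practice a per-deployment secret
ACCESS_TTL = 15 * 60                    # seconds
REFRESH_TTL = 14 * 24 * 3600
PBKDF2_ITERATIONS = 600_000
LOGIN_ERROR = "The username or password is wrong."  # identical for both cases


def hash_password(password: str) -> dict:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


# Constructed accounts covering the wiki's verified and unverified states.
USERS: Dict[str, dict] = {
    "somchai.k": {"role": "job_seeker", "verified": True, "pw": hash_password("correct horse")},
    "hr_acme": {"role": "company", "verified": False, "pw": hash_password("battery staple")},
    "admin1": {"role": "admin", "verified": True, "pw": hash_password("s3cret-admin")},
}
_DUMMY_RECORD = hash_password(secrets.token_hex(8))  # checked for unknown usernames


def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _sign(payload: dict) -> str:
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return (body + b"." + _b64(sig)).decode()


def verify_token(token: str) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired."""
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SIGNING_KEY, body, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    return claims if claims.get("exp", 0) > time.time() else None


def issue_tokens(username: str, role: str, verified: bool) -> dict:
    now = int(time.time())
    access = _sign({"sub": username, "role": role, "verified": verified,
                    "typ": "access", "exp": now + ACCESS_TTL})
    refresh = _sign({"sub": username, "typ": "refresh", "jti": secrets.token_hex(8),
                     "exp": now + REFRESH_TTL})
    return {"access_token": access, "refresh_token": refresh}


def login(username: str, password: str) -> dict:
    """Same error text, and the same amount of hashing work, whether the
    username is unknown or the password is wrong."""
    key = username.strip().casefold()
    user = USERS.get(key)
    record = user["pw"] if user else _DUMMY_RECORD
    password_ok = verify_password(record, password)
    if user is None or not password_ok:
        return {"ok": False, "error": LOGIN_ERROR}
    return {"ok": True, **issue_tokens(key, user["role"], user["verified"])}


def can_post_job(access_token: str) -> bool:
    """Company HR may browse while unverified but may not post offers yet."""
    claims = verify_token(access_token)
    return bool(claims) and claims.get("typ") == "access" \
        and claims.get("role") == "company" and bool(claims.get("verified"))


if __name__ == "__main__":
    result = login("hr_acme", "battery staple")
    print("login ok:", result["ok"], "| may post jobs:", can_post_job(result["access_token"]))
    print(login("hr_acme", "wrong password"))
```

Hashing a dummy record for unknown usernames keeps the failure path as slow as the real one, so the single error message the wiki specifies is not undermined by a measurable timing difference between "no such user" and "wrong password".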

📝 KU Connect – Registration and Login Flows

| User Type | Registration Method | Steps | Result |
| --- | --- | --- | --- |
| Student (with KU account) | Google OAuth (KU email) | 1. Go to registration page; 2. Select “Register with KU account”; 3. Redirected to Google OAuth; 4. Enter KU email & password; 5. Fill minimal profile info | Verified student account created; redirected to job browsing, logged in |
| Alumnus (no KU account) | Username + Password | 1. Go to registration page; 2. Select “Register without KU account”; 3. Enter name, surname, username, password (username checked for uniqueness); 4. Fill profile info; 5. Upload proof of KU affiliation (JPEG/PNG/PDF, required); 6. Provide contact info; 7. Submit form | Unverified student account created; redirected to job browsing, logged in; admin notified for manual verification |
| Company HR | Username + Password | 1. Go to registration page; 2. Select “Register as a company”; 3. Enter company name, username, password; 4. Fill profile info; 5. Upload proof of legitimacy (JPEG/PNG/PDF, required); 6. Provide contact info and optional website; 7. Submit form | Unverified HR account created; redirected to job browsing, logged in; cannot post jobs until admin verifies; admin notified for manual verification |
| KU Staff Member | Google OAuth (KU email) | 1. Go to registration page; 2. Select “Register as KU staff”; 3. Redirected to Google OAuth; 4. Enter KU email & password; 5. Fill minimal profile info; 6. Submit form | Verified staff account created; redirected to job browsing, logged in |
| Admin | Pre-registered | 0. Initial admin account is pre-provided; 1. Another admin goes to the create-new-user page; 2. Selects the option to add a new admin; 3. Creates the new admin with a username and password; 4. Clicks create | Pre-registered admin account ready to log in via username/password |
| User Type | Login Method | Steps | Result |
| --- | --- | --- | --- |
| Student (with KU account) | Google OAuth (KU email) | 1. Click “Login with KU account”; 2. Redirected to Google OAuth; 3. Enter KU email & password; 4. Google approves → redirect back | Verified student account; access + refresh token issued; redirect to previous page |
| Alumnus (no KU account) | Username + Password | 1. Click “Login with username”; 2. Enter username + password; 3. Backend checks credentials; 4. Wrong → error, correct → tokens issued | Unverified until admin approves; access + refresh token issued; redirect to previous page |
| Company HR | Username + Password | 1. Click “Login with username”; 2. Enter company username + password; 3. Backend checks credentials; 4. Wrong → error, correct → tokens issued | Unverified until admin approves; access + refresh token issued; redirect to previous page |
| KU Staff Member | Username + Password | 1. Click “Login with username”; 2. Enter staff username + password; 3. Backend checks credentials; 4. Wrong → error, correct → tokens issued | Verified staff account; access + refresh token issued; redirect to previous page |
| Admin | Username + Password | 1. Click “Login with username”; 2. Enter admin username + password; 3. Backend checks credentials; 4. Wrong → error, correct → tokens issued | Pre-registered account; access + refresh token issued; redirect to previous page |