User Authentication - ChrispyPeaches/FocusFriends GitHub Wiki

User Authentication/Authorization

Definition

  • Authentication is a process that verifies a user's identity.
  • Authorization is a process that verifies a user's permissions.

Auth0

Definition

  • Auth0 is a package/3rd party service that facilitates the process of user identity verification and authentication.

How is this implemented?

Frontend implementation

  • Once the app is launched, the user is prompted with a page that offers "Login/Signup" or the option to skip this process with "Continue without Login".
  • Once the user taps on "Login/Setup", Auth0 redirects the users to a webpage for authentication.
  • The user is able to use Email/Password authentication, or Google SSO.

Backend implementation

  • Domain, ClientID, and scope are all declared in the MAUI program.

  • The Auth0 client is called and uses a singleton to pass through data (e.g. sessionTokens) to check if a user is signed in.

  • The WebAuthenticatorCallbackActivity allows the app to properly redirect during the application process

  • Users can be modified, and have authorization added if needed, via the Auth0 GUI on the Auth0 webpage.
  • This is also where metadata can be stored and accessed for users
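
The pieces described in the Backend implementation bullets above (client settings declared in the MAUI program, a singleton carrying the session tokens, and the Android callback activity), as an added example that is not the FocusFriends source. It assumes the Auth0.OidcClient.MAUI package; the tenant domain, client ID, `myapp` callback scheme and the `AuthSession` class are placeholders or hypothetical names.

```csharp
// Added example; assumes the Auth0.OidcClient.MAUI package. Placeholder values are marked.
using Auth0.OidcClient;
#if ANDROID
using Android.App;
using Android.Content;
using Android.Content.PM;
#endif

public static class MauiProgram
{
    public static MauiApp CreateMauiApp()
    {
        var builder = MauiApp.CreateBuilder();
        builder.UseMauiApp<App>();
        // Domain, ClientId and Scope are declared once, at startup.
        builder.Services.AddSingleton(new Auth0Client(new Auth0ClientOptions
        {
            Domain = "YOUR_TENANT.auth0.com",   // placeholder
            ClientId = "YOUR_CLIENT_ID",         // placeholder (public identifier, not a secret)
            Scope = "openid profile email",
            RedirectUri = "myapp://callback/"    // placeholder scheme, must match the activity below
        }));
        builder.Services.AddSingleton<AuthSession>(); // one shared sign-in state for all pages
        return builder.Build();
    }
}

// Hypothetical singleton that holds the session token and answers "is a user signed in?".
public class AuthSession
{
    private readonly Auth0Client _client;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;
    public AuthSession(Auth0Client client) => _client = client;
    public string? AccessToken { get; private set; }
    public bool IsSignedIn => AccessToken is not null && _expiresAt > DateTimeOffset.UtcNow;
    public async Task<bool> LoginAsync()
    {
        var result = await _client.LoginAsync(); // opens the Auth0-hosted login page
        AccessToken = result.IsError ? null : result.AccessToken; // a failed login clears the session
        _expiresAt = result.IsError ? DateTimeOffset.MinValue : result.AccessTokenExpiration;
        return IsSignedIn;
    }
}

#if ANDROID
// Platforms/Android: receives the myapp:// redirect and returns control to the app.
[Activity(NoHistory = true, LaunchMode = LaunchMode.SingleTop, Exported = true)]
[IntentFilter(new[] { Intent.ActionView }, DataScheme = "myapp",
    Categories = new[] { Intent.CategoryDefault, Intent.CategoryBrowsable })]
public class WebAuthenticatorActivity : Microsoft.Maui.Authentication.WebAuthenticatorCallbackActivity { }
#endif
```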

FocusFriends Backend Implementation

  • After Auth0 authentication, the user's data is saved to the FocusFriends backend server and retrieved via API calls.

Diagrams: User Login Page Paths; GetUserLogin Mediatr Feature; Tab Navigation Flow.

Purpose of sign in

  • To be implemented -> All features will be locked behind the user sign in to properly keep track of data for social feature implementation.
  • Users without an account will not be able to access any features besides the basic timer.
  • Authorization allows us to check which features users have unlocked

Skipping Authentication

If a user chooses to use the app without signing in, they will be unable to access the shop and social pages. This is enforced via a popup that cannot be dismissed by a click, and will force the user to choose between going to the timer page, or logging in.

If the user selects "No thanks!", they are brought to the timer page. If the user selects "Log in / Sign up!", they are brought to the login page.