Login System - OsnaCS/munchmate GitHub Wiki
Register
Client: { username [, email] }
Server: { user_salt }
Client: { hash(user_salt + hash(ANDROID_ID)) }
// Server saves user_salt + tagged auth-hash (1) in DB
Server: { "Success" }
// Client saves user_salt + username [+ email]
Login
Client: { username, hash(user_salt + hash(ANDROID_ID)) }
Server: { Auth-Token, TTL }
API
Client: { Request, Auth-Token }
(1) "Tagged" means prepending a security version such as "ANDROIDv1:" to the auth-hash.
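The Register, Login and API exchanges above, as an added Python example (not code from the munchmate project). Assumptions: hash() is hex-encoded SHA-256, the salt and Auth-Token are random values from `secrets`, the TTL is 3600 seconds, storage is in-memory dicts, and the names `Server`, `client_auth_hash`, `register_start` and `register_finish` are hypothetical.

```python
import hashlib, hmac, secrets, time

TAG = "ANDROIDv1:"  # security-version tag from footnote (1)
TTL = 3600          # assumed token lifetime in seconds

def h(data: str) -> str:
    # Assumption: the page's hash() is taken to be hex-encoded SHA-256
    return hashlib.sha256(data.encode()).hexdigest()

def client_auth_hash(user_salt: str, android_id: str) -> str:
    # Client side: hash(user_salt + hash(ANDROID_ID))
    return h(user_salt + h(android_id))

class Server:
    def __init__(self):
        self.pending = {}  # username -> salt issued, registration not finished
        self.users = {}    # username -> (user_salt, tagged auth-hash)
        self.tokens = {}   # Auth-Token -> (username, expiry timestamp)

    def register_start(self, username, email=None):
        if username in self.users:
            raise ValueError("username already registered")
        self.pending[username] = secrets.token_hex(16)
        return self.pending[username]  # Server: { user_salt }

    def register_finish(self, username, auth_hash):
        salt = self.pending.pop(username)  # KeyError if no salt was issued
        self.users[username] = (salt, TAG + auth_hash)
        return "Success"

    def login(self, username, auth_hash, now=None):
        now = time.time() if now is None else now
        # Unknown users are compared against a dummy value of equal length
        _, stored = self.users.get(username, ("", TAG + "0" * 64))
        match = hmac.compare_digest(stored.encode(), (TAG + auth_hash).encode())
        if not (match and username in self.users):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (username, now + TTL)
        return token, TTL  # Server: { Auth-Token, TTL }

    def api(self, request, token, now=None):
        now = time.time() if now is None else now
        username, expiry = self.tokens.get(token, (None, 0))
        if username is None or expiry <= now:
            self.tokens.pop(token, None)  # drop expired or unknown tokens
            return None
        return username  # caller the request is authorized as
```

The login message carries the same value on every login, so it acts as a long-lived bearer secret and the exchange depends on an encrypted transport such as TLS.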