Login System - OsnaCS/munchmate GitHub Wiki

Register

Client: { username [, email] }
Server: { user_salt }
Client: { hash(user_salt + hash(ANDROID_ID)) }
// Server saves user_salt + tagged auth-hash (1) in DB
Server: { "Success" }
// Client saves user_salt + username [+ email]

Login

Client: { username, hash(user_salt + hash(ANDROID_ID)) }
Server: { Auth-Token, TTL }

API

Client: { Request, Auth-Token }

(1) => "Tagged" means prepending a security version such as "ANDROIDv1:" to the auth-hash.
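
The three exchanges above (Register, Login, API), sketched as an added example with both sides in one file; this is not code from the munchmate project. Assumptions not on the page: SHA-256 as hash(), a 16-byte random user_salt, a one-hour TTL, and the names Server, register_begin, register_finish and client_auth_hash.

```python
import hashlib, hmac, secrets, time

TAG = "ANDROIDv1:"      # security-version tag from footnote (1)
TTL_SECONDS = 3600      # assumed; the page does not state a TTL value

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # assumed hash function

def client_auth_hash(user_salt: bytes, android_id: str) -> str:
    # Client side: hash(user_salt + hash(ANDROID_ID)), hex-encoded for transport
    return h(user_salt + h(android_id.encode())).hex()

class Server:
    def __init__(self):
        self.users = {}    # username -> (user_salt, tagged auth-hash)
        self.pending = {}  # username -> user_salt awaiting the auth-hash
        self.tokens = {}   # auth token -> (username, expiry time)

    def register_begin(self, username: str) -> bytes:
        if username in self.users:
            raise ValueError("username taken")
        self.pending[username] = secrets.token_bytes(16)
        return self.pending[username]

    def register_finish(self, username: str, auth_hash: str) -> str:
        salt = self.pending.pop(username)
        self.users[username] = (salt, TAG + auth_hash)  # store tagged
        return "Success"

    def login(self, username: str, auth_hash: str):
        record = self.users.get(username)
        # Accept only records with a known tag, then compare in constant time.
        if record is None or not record[1].startswith(TAG):
            return None
        if not hmac.compare_digest(record[1][len(TAG):].encode(), auth_hash.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (username, time.time() + TTL_SECONDS)
        return token, TTL_SECONDS

    def api(self, request: str, token: str) -> str:
        username, expiry = self.tokens.get(token, (None, 0.0))
        if username is None or time.time() >= expiry:
            return "401"
        return f"200 {request} for {username}"
```

The server compares the submitted auth-hash directly with the stored one, so the auth-hash is the credential itself and the exchange relies on a confidential transport such as TLS.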