Auth flow - nuthanc/microservice GitHub Wiki

Signup flow

  • The React app (Next client) sends the email and password when signing up
  • Auth service
    • Does a User with this email already exist? (Check with the db.) If so, respond with an error
    • Can't store passwords in plain text! Hash the password entered
    • Create a new User and save them to MongoDB
    • User is now considered to be logged in. Send them a cookie/JWT/something in the response

Signup flow in the App

  • User clicks on Sign Up
  • Sign Up page loads (/auth/signup)
  • Enter Email Address and Password, and submit
  • Submission goes to the Auth service's /api/users/signup
  • Validation of email and password is done
  • Check for existing User in database
    • If the User exists, send BadRequestError (status code 400)
  • Save User in database
    • The password is hashed in the pre-save hook while saving
  • Generate JWT using jwt.sign
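    // Payload carries only the user's id and email; it is signed with JWT_KEY.
    // No expiresIn option is passed, so the token has no exp claim.
    const userJwt = jwt.sign(
      {
        id: user.id,
        email: user.email,
      },
      process.env.JWT_KEY!
    );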
  • Store JWT on the session(req.session) object
    // The signed token is the only value kept on the session object.
    req.session = {
      jwt: userJwt,
    };
  • Send 201 status along with the User created