HTTP Authentication

Json Web tokens (JWT) have been utilized for authentication purposes. These tokens, which have been signed using a private key, enable the backend to verify the token without the need for it to communicate with the user pool for every request.

The following diagram represents the flow of the authentication process:

Authentication

  1. User sign-in using username and password
  2. The information is checked against the user pool on HungerRush
  3. Upon verification of the user credentials, HungerRush returns a user payload
  4. If the validation is successful, a JWT token is generated using a private key
  5. An HTTP endpoint is triggered by including the JWT in the header
  6. The JWT is then validated using a public key
  7. The endpoint returns a payload.