Refactor token authentication to cookie/session-based auth instead

The currently implemented token-based per-request authentication has a high rate of failure within Hasiru Dala's slow network. This could be changed to session-based auth i.e. user signs into Google -> sends token to /login endpoint -> start user session and use JSESSIONID and CSRFTOKEN for subsequent authorisations.

TODOS:
- [ ] Create a /login endpoint which would start a user session based on GoogleId Token received from client
- [ ] Enable CSRF protection
- [ ] Make necessary changes in SecurityConfiguration and related files

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Refactor token authentication to cookie/session-based auth instead #22

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Refactor token authentication to cookie/session-based auth instead #22

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions