Set up users and auth with JWT
CHATALOT1 commented
- SeaORM and serde compatible implementation of `User` (described below) to be used with listed endpoints
- Endpoints
  - Create user
  - Login (serves JWT with expiry)
  - Delete user
  - Invalidate Session/Logout/Invalidate all sessions
  - Change password
- Include password hashing with (probably) bcrypt
- Use SeaORM and postgres
- Client implementation for all endpoints above
- Extractor for processing JWT
User includes:
- Unique username
- ID
- Hashed password
- Last login timestamp
- Display name
- User created timestamp
- Last invalidate all sessions timestamp
Auth JWT claims include:
- iat (Issued at)
- exp (Expiration time)
- sub (contains User ID of the user)
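
An added example, not part of the issue or the project's code: one way the extractor could combine the `iat`, `exp` and `sub` claims with the "last invalidate all sessions" timestamp once the token signature has been verified. The struct and field names, the `i64` ID type and the 30-second leeway are assumptions.

```rust
/// JWT claims from the issue (Unix seconds); `sub` carries the user ID.
#[derive(Debug, Clone, PartialEq)]
pub struct Claims { pub iat: i64, pub exp: i64, pub sub: i64 }

/// The User fields this check reads. Field names and the i64 ID type are assumptions.
#[derive(Debug, Clone)]
pub struct UserSessionState {
    pub id: i64,
    /// "Last invalidate all sessions timestamp"; None if it was never used.
    pub sessions_invalidated_at: Option<i64>,
}

#[derive(Debug, PartialEq)]
pub enum Reject { Expired, IssuedInFuture, WrongSubject, Revoked }

/// Clock skew tolerated on `iat`, in seconds (assumed value).
pub const LEEWAY_SECS: i64 = 30;

/// Call only after the token signature has been verified. `now` is Unix seconds.
pub fn check_claims(c: &Claims, user: &UserSessionState, now: i64) -> Result<(), Reject> {
    if c.exp <= now {
        return Err(Reject::Expired);
    }
    if c.iat > now + LEEWAY_SECS {
        return Err(Reject::IssuedInFuture);
    }
    if c.sub != user.id {
        return Err(Reject::WrongSubject);
    }
    // Fail closed on ties: a token issued in the same second as the cutoff is
    // rejected, so the login handler must issue tokens with iat after the cutoff.
    match user.sessions_invalidated_at {
        Some(cutoff) if c.iat <= cutoff => Err(Reject::Revoked),
        _ => Ok(()),
    }
}

fn main() {
    // Constructed sample data: user 7 invalidated all sessions at t=1000.
    let user = UserSessionState { id: 7, sessions_invalidated_at: Some(1_000) };
    let old = Claims { iat: 900, exp: 2_000, sub: 7 };
    let new = Claims { iat: 1_001, exp: 2_000, sub: 7 };
    println!("old token: {:?}", check_claims(&old, &user, 1_500));
    println!("new token: {:?}", check_claims(&new, &user, 1_500));
}
```
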