Reputation: 27
Looking for Advice on My Auth API Flow Design
I’m working on setting up an authentication flow that involves multiple endpoints called by another API to handle login and password reset processes. I need to consolidate these steps into a coherent flow for my app as a client.
Here are the main endpoints I gathered from the documentation:
sendLoginValidateCode: Sends an OTP for both login and password reset.
validatePassword: Checks if the provided password is correct.
validateLogin: Logs in the user with their username, password, and OTP.
validateResetPassword: Updates the password using a new password and username.
I’ve structured my methods like this:
async Login({ username, password, otp }) {
await validatePassword(username, password); // Checks username and password
await sendLoginValidateCode(username, { type: "login" }); // If validatePassword is successful, sends OTP
await validateLogin(username, password, otp); // Authenticates with OTP
}
After setting up my API with nested endpoints, I plan to use it within my app as a client.
Could you suggest any improvements or provide feedback on how to optimize this flow? Any advice would be appreciated!
Thanks!
Upvotes: 0
Views: 26
Answers (0)
Related Questions
- Authentication with a password and access + refresh tokens
- Confused about which type of OAuth2 flow to implement for our web app to web app communication
- Is this a valid use-case for the Resource Owner flow?
- Laravel/Angular "Password Expired" auth flow
- Oauth2 flow to request a token using Facebook uid for credentials
- How to do authentication with a single page app and API backend?