author Lars Wirzenius <liw@liw.fi> 2018-12-30 19:45:01 +0200
committer Lars Wirzenius <liw@liw.fi> 2018-12-30 19:45:01 +0200
commit 611001c38333e36df94759a58bddfea6bdab5ae7
tree 7529aabf0eb256b1852fe3eb3eef86f95285cec6
parent 9298ba97f2e5981c4bf11a0e47713df187d480e7
Add: note that effiweb keeps token
-rw-r--r-- architecture.mdwn 4
1 files changed, 3 insertions, 1 deletions
diff --git a/architecture.mdwn b/architecture.mdwn
index 57f4fc3..5d6f07c 100644
--- a/architecture.mdwn
+++ b/architecture.mdwn
@@ -51,7 +51,9 @@ End-users are authenticated using the [OpenID Connect][] protocol,
specifically the authorization code flow. In this flow, Qvisqve
provides cryptographically signed access tokens, which identify the
user and specify a list of things the user may do. The signature
-guarantees the token comes from Qvisqve.
+guarantees the token comes from Qvisqve. To prevent the access token
+from leaking to the browser, effiweb keeps the token, and also manages
+user sessions.
Non-interactive API clients are authenticated using the [OAuth2][]
protocol, specifically using client credential grants. This also
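Review bot: the sentence added after "guarantees the token comes from Qvisqve." says effiweb keeps the token and manages user sessions, but it does not say what the browser holds instead to identify its session, or when effiweb discards the stored token. For an architecture document, suggest one more sentence naming the session identifier the browser receives (for example a cookie and the attributes it is set with) and stating that the token is dropped on logout or when it expires. A small wording point: "and also manages" can be shortened to "and manages".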