author | Lars Wirzenius <liw@liw.fi> | 2018-12-30 19:45:01 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-12-30 19:45:01 +0200 |
commit | 611001c38333e36df94759a58bddfea6bdab5ae7 (patch) | |
tree | 7529aabf0eb256b1852fe3eb3eef86f95285cec6 | |
parent | 9298ba97f2e5981c4bf11a0e47713df187d480e7 (diff) | |
download | effireg-website-611001c38333e36df94759a58bddfea6bdab5ae7.tar.gz |
Add: note that effiweb keeps token
-rw-r--r-- | architecture.mdwn | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/architecture.mdwn b/architecture.mdwn index 57f4fc3..5d6f07c 100644 --- a/architecture.mdwn +++ b/architecture.mdwn @@ -51,7 +51,9 @@ End-users are authenticated using the [OpenID Connect][] protocol, specifically the authorization code flow. In this flow, Qvisqve provides cryptographically signed access tokens, which identify the user and specify a list of things the user may do. The signature -guarantees the token comes from Qvisqve. +guarantees the token comes from Qvisqve. To prevent the access token +from leaking to the browser, effiweb keeps the token, and also manages +user sessions. Non-interactive API clients are authenticated using the [OAuth2][] protocol, specifically using client credential grants. This also |
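Review bot: The added sentence after "guarantees the token comes from Qvisqve." says effiweb keeps the token and manages user sessions, but it does not say what the browser holds instead or how a session is tied to the kept token. Because the session now stands in for the access token, the architecture text should add a sentence on what identifies a session to effiweb, where effiweb keeps the token, and what happens to the session when the token is no longer valid. A wording point in the same sentence: "leaking to the browser" reads as accidental exposure, while something like "so that the access token is never sent to the browser" would state the design intent directly.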