Add: facade session storage

author: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:44:54 +0300
committer: Lars Wirzenius <liw@liw.fi> 2019-03-31 18:44:54 +0300
commit: 05ddf6055613df102072a5c667d698dfb44bef43 (patch)
tree: 5fc35be8f2f9bd8a0c3781fc88d9e0d61de14de6 /yuck.mdwn
parent: e834dde50717f577f27f3de6c87d73eeb2e1239d (diff)
download: ick.liw.fi-05ddf6055613df102072a5c667d698dfb44bef43.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/yuck.mdwn b/yuck.mdwn
index 352ccd9..67c185a 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -290,6 +290,13 @@ be able to support any store that supports the following:
 * objects can be search for, based on any field defined below, using
   case-independent equality or comparison to a pattern
 
+The facade will need to store user login session data, such as the
+access and refresh tokens for the user. It will store these in some
+secure manner that prevents them from leaking to an attacker, such as
+in memory only. It may store them (possibly encrypted) in Muck
+instead, if this is needed to allow the facade to be restarted without
+breaking sessions, or to run multiple copies of the facade.
+
 ### A user
 
 A user resource represents the user. It's object ID is used to
author	Lars Wirzenius <liw@liw.fi>	2019-03-31 18:44:54 +0300
committer	Lars Wirzenius <liw@liw.fi>	2019-03-31 18:44:54 +0300
commit	05ddf6055613df102072a5c667d698dfb44bef43 (patch)
tree	5fc35be8f2f9bd8a0c3781fc88d9e0d61de14de6 /yuck.mdwn
parent	e834dde50717f577f27f3de6c87d73eeb2e1239d (diff)
download	ick.liw.fi-05ddf6055613df102072a5c667d698dfb44bef43.tar.gz