github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-22 23:22:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1514 from hedgedoc/privateApi/auth/docs

Browse source 
docs: add documentation on private api authentication
This commit is contained in:
David Mehren 2021-09-13 19:48:00 +02:00 committed by GitHub
commit 8093fe4f74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
docs/content/dev/private-api-auth.md Normal file
View file

@ -0,0 +1,18 @@
# Private API Auth
## Supported kinds of authentication
- Username & Password (`local`)
- LDAP
- SAML
- OAuth2
- GitLab
- GitHub
- Facebook
- Twitter
- Dropbox
- Google
## How the authentication works
The backend is called directly from the frontend. The different routes that handle different kinds of authentication perform any kind of verification needed and then create a session cookie. This session cookie is than provided with each subsequent call to the private api by the frontend (until it expires or the user logs out). The SessionGuard, which is added to each other (appropriate) controller method of the private api, checks if the provided session is still valid and provides the controller method with the correct user.