From bf3ec53c783072e9ff52a77f97a39f163a14b59a Mon Sep 17 00:00:00 2001 From: Philip Molares Date: Sun, 8 Aug 2021 20:21:16 +0200 Subject: [PATCH] docs: add documentation on private api authentication Signed-off-by: Philip Molares --- docs/content/dev/private-api-auth.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 docs/content/dev/private-api-auth.md diff --git a/docs/content/dev/private-api-auth.md b/docs/content/dev/private-api-auth.md new file mode 100644 index 000000000..7db5f0087 --- /dev/null +++ b/docs/content/dev/private-api-auth.md @@ -0,0 +1,18 @@ +# Private API Auth + +## Supported kinds of authentication + +- Username & Password (`local`) +- LDAP +- SAML +- OAuth2 +- GitLab +- GitHub +- Facebook +- Twitter +- Dropbox +- Google + +## How the authentication works + +The backend is called directly from the frontend. The different routes that handle different kinds of authentication perform any kind of verification needed and then create a session cookie. This session cookie is than provided with each subsequent call to the private api by the frontend (until it expires or the user logs out). The SessionGuard, which is added to each other (appropriate) controller method of the private api, checks if the provided session is still valid and provides the controller method with the correct user.
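Review bot: In the "How the authentication works" paragraph, "each other (appropriate) controller method" does not say which private API routes are deliberately left without the SessionGuard, so a reader cannot tell whether an unguarded method is intended or an oversight. Suggest naming the exempt routes explicitly (presumably the authentication routes that create the session) and stating that every other private API controller method must carry the guard. The same paragraph says the session lasts "until it expires or the user logs out" but gives no pointer to where the expiry is defined; a sentence or link on that would help. Two wording fixes in that paragraph: "This session cookie is than provided" should read "then provided", and "private api" should be "private API" to match the heading. In the list of supported kinds, only "Username & Password" carries its identifier (`local`); either give the identifier for every entry or drop it for consistency.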