mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-25 03:06:31 -05:00
docs: add documentation on private api authentication
Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
parent
faacfc067f
commit
d6be1cc6bb
1 changed files with 18 additions and 0 deletions
18
docs/content/dev/private-api-auth.md
Normal file
18
docs/content/dev/private-api-auth.md
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Private API Auth
|
||||
|
||||
## Supported kinds of authentication
|
||||
|
||||
- Username & Password (`local`)
|
||||
- LDAP
|
||||
- SAML
|
||||
- OAuth2
|
||||
- GitLab
|
||||
- GitHub
|
||||
- Facebook
|
||||
- Twitter
|
||||
- Dropbox
|
||||
- Google
|
||||
|
||||
## How the authentication works
|
||||
|
||||
The backend is called directly from the frontend. The different routes that handle different kinds of authentication perform any kind of verification needed and then create a session cookie. This session cookie is than provided with each subsequent call to the private api by the frontend (until it expires or the user logs out). The SessionGuard, which is added to each other (appropriate) controller method of the private api, checks if the provided session is still valid and provides the controller method with the correct user.
|
Loading…
Reference in a new issue