Authentication Service

Goal

The goal of the authentication service is to handle different user functionalities regarding the authenticity of the user, such as logging in and registering. It additionally provides any data/cached data associated with the current logged-in user.

Current Setup

The authentication service can be found at AnScealai/ngapp/src/app/authentication.service.ts. It is initialised in the constructors of many different components throughout the codebase.

In addition to the functions this service provides, it also defines many different interfaces [1] used to shape and define the different types of data used throughout the service and codebase. These types are described in the following section.

Interfaces

  • UserDetails is used throughout the codebase to get simple facts about the user in a given component, such as the user's username or role. The data comes from the user token stored in local storage (cache).

  • TokenResponse is used to define the data that is returned from certain requests to the DB. These token responses are then stored in local storage. This way users can stay logged into their accounts for a certain period of time before having to log back in again. This interface is only used in this service.

  • TokenPayload contains a subset of the data as defined in UserDetails. It contains the payload data for a JWT token necessary for logging in, so it is used in the login component [2] as well as in this service.

  • VerifyEmailRequest is used for storing data necessary for verifying the email of an older account that has not yet been verified. It is used in the login component as well as in this service.

  • LoginTokenPayload is used in the login component to define user credentials after logging in.

  • RegistrationTokenPayload is used in the register module [3] to define user credentials after registration.

JSON Web Tokens

An Scéalaí uses JSON Web Tokens [4] (JWTs) for maintaining a certain user state. For example, these tokens are used to keep the user logged in for a certain period of time. They are also used for security reasons to verify the authenticity of requests to the backend. These tokens are stored in local storage [5] (or cache), which means the data is still available even after the page session has ended (unless in private browsing or incognito mode). This data is stored as a key-value pair, where the key is the name used to access the data, and the value is the data itself, encrypted. For storing user tokens, we use the key scealai-token. In addition to generic user information, these tokens also contain an expiry date. The token is therefore removed from storage after its expiry date has passed. You can view this token in browser developer tools for a given user after logging in.

Example of local storage token (encrypted) from the Chrome inspection window (⌘ + i). Navigate to Application –> Storage –> Local Storage to view it.

When decrypted, the payload part of the token contains the following user data:

{
  _id: '63ebc796616dbd563da1c546',
  username: 'Dalta1',
  role: 'STUDENT',
  language: 'ga',
  exp: 1678880023.384,
  iat: 1678275223
}
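
The following added example (not code from the An Scéalaí repository) shows how a client can read the payload above out of a stored token and apply the expiry check, rejecting malformed values. It assumes scealai-token holds a standard three-part signed JWT whose payload segment is base64url-encoded JSON; the function names are hypothetical.

```javascript
// Added example, not An Scéalaí code; all function names are hypothetical.

// Decode the payload (middle segment) of a compact JWT. No signature check:
// the result is display/state data only, never proof of identity.
function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    // base64url -> base64, restoring the padding that JWTs strip
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    const payload = JSON.parse(new TextDecoder().decode(bytes));
    return payload !== null && typeof payload === 'object' ? payload : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// True only if the token decodes and carries a numeric exp (seconds since
// the epoch, possibly fractional as in the page's sample) still in the future.
function isSessionValid(token, nowMs = Date.now()) {
  const payload = decodeJwtPayload(token);
  if (!payload || !Number.isFinite(payload.exp)) return false;
  return payload.exp > nowMs / 1000;
}

// Constructed sample: builds an unsigned stand-in token around a payload.
function makeSampleToken(payload) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'HS256', typ: 'JWT' }), enc(payload), 'constructed'].join('.');
}

// Payload values copied from the page's decoded example.
const SAMPLE_TOKEN = makeSampleToken({
  _id: '63ebc796616dbd563da1c546', username: 'Dalta1', role: 'STUDENT',
  language: 'ga', exp: 1678880023.384, iat: 1678275223,
});
```

In the browser the input would be localStorage.getItem('scealai-token'). Any script running in the page's origin can read or rewrite that value, so the decoded username and role are suitable for UI decisions only, and the backend must verify the token signature on every request.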

Footnotes

  1. TypeScript interfaces: https://www.typescriptlang.org/docs/handbook/interfaces.html

  2. Login component documentation

  3. Register module documentation

  4. JWT quick guide: https://jwt.io/introduction

  5. Local storage: https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage