-
Notifications
You must be signed in to change notification settings - Fork 27
Authentication design
Will Thomson edited this page Nov 22, 2019
·
2 revisions
-
mSupply Mobile authentication can refer to:
- Sync authentication: authenticate a site for synchronising data.
- User authentication: authenticate a user for store login.
-
Sync credentials consist of:
- Sync site URL.
- Sync site name.
- Sync site password.
-
Sync authentication is only done once for each installation, with credentials remembered for all future login sessions.
-
Before authenticating, the mSupply site must be setup according to the server configuration guide.
-
Server authentication is done using the
authenticateAsync
utility provided by the sussol-utilities package. -
The server will respond to a successful authentication with details about the sync site and store to be saved in local storage, including:
- Server ID.
- Site ID.
- Store ID.
- Name ID.
- Supplying store ID.
- Supplying store name ID.
-
On successful authentication, an initial sync is triggered to retrieve store and sync site data.
-
User credentials consist of:
- User username.
- User password.
- User authentication is required for each login, or if re-authentication fails.
- If a user has logged in before, the username field will be prefilled with the last successfully logged in user, the password will always be blank (for security reasons, there is no 'remember me').
- If the device can connect to the server, authentication is performed remotely. If authentication is successful, the local database will be updated with the validated credentials.
- In case of a connection error during authentication, the entered user crendentials will be deleted from local storage. This is required for security reasons and to prevent caching of incorrect credentials.
- The server is polled every 10 minutes to reauthenticate user credentials (this is required in order to remotely disable users).
- If the device cannot connect to the server (for example, if no internet access is available), a user can be authenticated locally (this requires credentials to have been previously validated by the server).
- Local authentication requires the user password to match the most recently validated credentials.