Task Description
This task replaces the existing PassportJS-based authentication in our backoffice application with SuperTokens, using the email/password recipe. It covers the authentication endpoints, session management, and the backoffice-specific role-based access control.
Acceptance Criteria
The backoffice application uses SuperTokens for all authentication processes.
Existing sessions are migrated to SuperTokens sessions so that no user who is logged in at cutover is forced to log in again.
The application maintains its role-based access control, with roles now managed via SuperTokens.
Comprehensive testing is conducted to ensure the authentication flow, session management, and role-based access control work seamlessly.
Implementation Instructions
1. Update Authentication Endpoints
Replace the PassportJS logic in the login and logout endpoints with the SuperTokens SDK.
Ensure the login endpoint creates a SuperTokens session and delivers its access and refresh tokens to the client (as cookies or headers, according to the configured token transfer method).
Update the logout endpoint to revoke the session server-side through SuperTokens rather than only clearing the client cookie.
2. Session Management
Integrate SuperTokens' session verification middleware in the backoffice app so that every protected route requires a valid SuperTokens session.
Configure session parameters (access and refresh token lifetimes, anti-CSRF behaviour) in line with existing session management policies.
3. Role-Based Access Control (RBAC)
Map existing user roles onto SuperTokens' user roles feature, and add whatever logic is needed to assign roles to users on registration or at login.
Update the RBAC middleware to read roles from the SuperTokens session (its access token payload) instead of from the Passport user object.
4. Migration Plan for Existing Sessions
Develop a strategy to migrate existing user sessions to SuperTokens without forcing logouts. This may be a one-off script or a temporary dual-authentication window in which a request carrying only a valid legacy session is issued a SuperTokens session and the legacy session is invalidated; the legacy path must be removed once the window closes.
5. Testing
Write unit and integration tests for the new authentication endpoints and session management logic.
Test role-based access control in various scenarios to ensure correct permissions are enforced.
Perform manual testing to cover the entire login, logout, and access control flow in the backoffice application.
Keep the SuperTokens core connection URI and API key, like all other secrets, in environment variables or a secrets manager rather than in source control. Ensure backward compatibility where necessary, and document any changes to the authentication flow or session handling so the front end can be adjusted accordingly.