User Authentication
When a user attempts to log into the system, the provided password is securely transmitted to the backend server for validation. This process is designed to ensure that user credentials remain protected and that unauthorized access is prevented.
Password Encryption
To enhance security, user passwords are stored in the database as SHA256 hashes (hashing, not encryption: the transformation cannot be reversed to recover the password). SHA256 is a one-way cryptographic hash function that transforms the user's password into a fixed-length digest, and it is this digest that is saved in the database. During login, the server applies the same SHA256 hashing operation to the submitted password and compares the result with the stored digest. This means that the actual password is never stored or transmitted in plain text, significantly reducing the risk of sensitive information being compromised.
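The register-and-verify flow described above, written out as an added example (not code from this application). The first pair of functions implements exactly what the page describes, an unsalted SHA256 digest compared at login; the second pair is an assumption of mine, not something the page says the system does: it shows the salted, iterated PBKDF2 form that a reviewer would normally ask for, because a plain SHA256 digest is fast to compute and identical for every user who picks the same password. The in-memory USERS dictionary, the usernames and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the database table: username -> credential record.
USERS = {}


def sha256_hex(password: str) -> str:
    """Plain SHA256 of the password, hex-encoded, as the page describes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register_sha256(username: str, password: str) -> None:
    """Store only the digest; the clear-text password is never written."""
    USERS[username] = {"scheme": "sha256", "hash": sha256_hex(password)}


def verify_sha256(username: str, password: str) -> bool:
    """Re-hash the submitted password and compare with the stored digest."""
    record = USERS.get(username)
    if record is None or record["scheme"] != "sha256":
        return False
    # compare_digest runs in time independent of where the strings differ,
    # so the comparison itself does not leak information about the hash.
    return hmac.compare_digest(record["hash"], sha256_hex(password))


# --- Hardened variant (assumption, not the page's scheme) -------------------
# Unsalted SHA256 has two weaknesses for password storage: two users with the
# same password get the same digest, and a single GPU can test billions of
# SHA256 guesses per second against a leaked table. A per-user random salt
# removes the first problem; a deliberately slow KDF (PBKDF2 here) addresses
# the second. The iteration count is a constructed value for the example.
PBKDF2_ITERATIONS = 600_000


def register_pbkdf2(username: str, password: str) -> None:
    salt = os.urandom(16)  # 128-bit random salt, stored beside the hash
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    USERS[username] = {
        "scheme": "pbkdf2",
        "salt": salt,
        "iterations": PBKDF2_ITERATIONS,
        "hash": digest,
    }


def verify_pbkdf2(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None or record["scheme"] != "pbkdf2":
        return False
    # The stored salt and iteration count are reused so the same input
    # reproduces the same digest; the count is stored so it can be raised later.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(record["hash"], candidate)


def verify(username: str, password: str) -> bool:
    """Dispatch on the stored scheme so both record types can coexist."""
    record = USERS.get(username)
    if record is None:
        return False
    if record["scheme"] == "sha256":
        return verify_sha256(username, password)
    return verify_pbkdf2(username, password)
```

Running the two schemes side by side shows the difference directly: two users registered with the same password get identical unsalted SHA256 digests, while their PBKDF2 records differ because of the per-user salt.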
Session Management
The server employs session management to maintain the user's login status throughout their interaction with the application. Once a user is authenticated, a session is created on the server. This session serves as a temporary store of the user's data and login state. Each time the user makes a request to the server, the session is referenced to retrieve the user's information. It’s important to note that user information is not stored on the frontend; instead, it is dynamically retrieved from the backend as needed. This approach ensures that sensitive user details are kept secure and are not exposed to client-side vulnerabilities.
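A minimal server-side session store of the kind the paragraph describes, added here as an example and not taken from the application. It keeps user data on the server keyed by a random session identifier, so the client holds only the opaque id in a cookie. Beyond what the page states, it adds the two checks a reviewer would look for: an idle timeout so abandoned sessions expire, and id rotation after authentication so that a session id fixed before login is not valid afterwards. The cookie name `session`, the TTL and the injectable clock are assumptions made for the example.

```python
import secrets
import time

SESSION_TTL_SECONDS = 30 * 60  # idle timeout; constructed value for the example


class SessionStore:
    """In-memory session table: session id -> {user_id, created, last_seen}."""

    def __init__(self, ttl: float = SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested deterministically

    def create(self, user_id: str) -> str:
        # 32 random bytes -> 256 bits; guessing an id is infeasible.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user_id": user_id, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid: str):
        """Return the user id for a live session, or None; refreshes last_seen."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._ttl:
            del self._sessions[sid]  # expired: drop it so it can never be reused
            return None
        record["last_seen"] = now
        return record["user_id"]

    def destroy(self, sid: str) -> None:
        """Logout: remove the server-side record; the cookie alone is now useless."""
        self._sessions.pop(sid, None)

    def rotate(self, sid: str):
        """Issue a fresh id for the same user (after login or a privilege change)."""
        user_id = self.lookup(sid)
        if user_id is None:
            return None
        self.destroy(sid)
        return self.create(user_id)


def handle_request(store: SessionStore, cookie_header: str):
    """Resolve the 'session' cookie of a request to a user id (or None)."""
    cookies = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    sid = cookies.get("session")
    if not sid:
        return None
    return store.lookup(sid)
```

Nothing about the user is derived from the cookie itself; the server record is the only source of truth, which is exactly why a leaked or forged cookie value that is not in the table resolves to no user.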
Additional Security with OTP
For enhanced security, some users may be required to provide a One-Time Password (OTP) when logging into the site. This additional layer of verification is particularly useful for accounts that have elevated permissions or sensitive data access. The OTP is typically sent to the user's registered mobile device or email, ensuring that even if someone has access to the user's password, they would still need the OTP to complete the login process. This method helps in mitigating the risks associated with stolen credentials.
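An added example of the server side of the OTP step (not the application's own code): the server generates a short numeric code, records only a digest of it together with an expiry, and the code is delivered to the user out of band (the sending step is not shown). Verification enforces the properties that make an OTP a real second factor: the code expires, it is accepted once only, and a bounded number of wrong guesses invalidates it so the six-digit space cannot simply be enumerated. Code length, lifetime and the attempt limit are constructed values.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6           # constructed values for the example
OTP_TTL_SECONDS = 300
OTP_MAX_ATTEMPTS = 5


def _digest(code: str) -> bytes:
    # Store a digest rather than the code so a dump of the table does not
    # hand out live codes.
    return hashlib.sha256(code.encode("utf-8")).digest()


class OtpStore:
    """Pending challenges: user id -> {digest, expires, attempts}."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    def issue(self, user_id: str) -> str:
        """Create a challenge; returns the code for out-of-band delivery."""
        # secrets.randbelow is a CSPRNG; zero-pad so codes are always 6 digits.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = {
            "digest": _digest(code),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user_id: str, code: str) -> bool:
        record = self._pending.get(user_id)
        if record is None:
            return False  # nothing pending (never issued, used, or invalidated)
        if self._clock() > record["expires"]:
            del self._pending[user_id]
            return False
        record["attempts"] += 1
        if record["attempts"] > OTP_MAX_ATTEMPTS:
            del self._pending[user_id]  # too many guesses: force a fresh code
            return False
        ok = hmac.compare_digest(record["digest"], _digest(code))
        if ok:
            del self._pending[user_id]  # single use
        return ok


def wrong_code_for(code: str) -> str:
    """Helper for demonstrations: a syntactically valid code that is not `code`."""
    return "000000" if code != "000000" else "000001"
```

The login handler would call `issue` only after the password check succeeded and call `verify` before creating the session, so a correct password alone never yields a logged-in session for an OTP-enrolled account.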
OAuth2.0 Integration
In addition to traditional login methods, our system supports GitHub OAuth2.0 for users who prefer a more streamlined login experience. This Single Sign-On (SSO) feature allows users to authenticate via their GitHub account, eliminating the need to create and manage a separate password for the application. By integrating OAuth2.0, users can benefit from the security and convenience that comes with using an established authentication provider. This means users can log in quickly while still ensuring that their data remains secure.
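The first two legs of the GitHub OAuth2.0 authorization-code flow, as an added example rather than the application's own code: building the redirect to GitHub and validating the callback. The part worth showing offline is the `state` parameter: the server generates a random value, binds it to the user's session, and refuses any callback whose `state` does not match or has already been consumed, which is what stops an attacker from completing the flow on someone else's behalf (login CSRF). The final step, exchanging the returned `code` for a token at GitHub's token endpoint, requires a network call and is only noted in a comment. The client id, redirect URI and scope value are placeholders; the endpoint URLs are GitHub's documented ones.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

GITHUB_AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"  # used in the next step, not here


def build_authorize_url(client_id: str, redirect_uri: str, session: dict,
                        scope: str = "read:user") -> str:
    """Create the redirect to GitHub and bind a fresh state value to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # server-side session, never sent to the browser
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match the URI registered with GitHub
        "scope": scope,
        "state": state,
    }
    return f"{GITHUB_AUTHORIZE_URL}?{urlencode(params)}"


def handle_callback(callback_url: str, session: dict):
    """Validate the callback; return the authorization code, or None if rejected."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # pop: each state is valid once
    received = query.get("state", [None])[0]
    if expected is None or received is None:
        return None  # no pending flow, or callback without a state
    if not hmac.compare_digest(expected, received):
        return None  # state mismatch: callback was not started by this session
    if "error" in query:
        return None  # user denied consent or GitHub reported an error
    code = query.get("code", [None])[0]
    if not code:
        return None
    # Next step (network, not shown): POST client_id, client_secret, code and
    # redirect_uri to GITHUB_TOKEN_URL, then look up the user with the token
    # and create the application session exactly as for a password login.
    return code
```

Because the state is popped on first use, a captured callback URL cannot be replayed, and because it is compared against the caller's own session, a callback crafted for a different victim session is rejected even though its state is a valid one.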
Conclusion
The authentication mechanism implemented in this application combines password hashing, server-side session management, optional OTP verification, and integration with GitHub OAuth2.0 to create a secure and user-friendly login experience. By following best practices in user authentication, we ensure that users can access their accounts safely while keeping their sensitive information protected from unauthorized access.