User Authentication
- Authentication is a process that verifies a user's identity.
- Authorization is a process that verifies a user's permissions.
- Auth0 is a package/3rd party service that facilitates the process of user identity verification and authentication.
- The once the app is launched, the user is prompted with a page that says "Login/Signup" or the option to skip this process and "Continue without Login"
- Once the user taps on "Login/Setup", Auth0 redirects the users to a webpage for authentication.
- The user is able to use Email/Password authentication, or Google SSO.
- Domain, ClientID, and scope are all declared in MAUI program
-
The Auth0 client is called and uses a singleton to pass through data (ex. sessionTokens) to check if a user is signed in
-
The WebAuthenticatorCallbackActivity allows the app to properly redirect during the application process
- The users are able to be modified and have authorization added if needed via Auth0 GUI on their webpage.
- This is also where metadata can be stored and accessed for users
- After using the Auth0 authentication, the user's data is then saved to the FocusFriends backend server, and retreived via API calls.
- To be implemented -> All features will be locked behind the user sign in to properly keep track of data for social feature implementation.
- Users without an account will not be able to access any features besides the basic timer.
- Authorization allows us to check which features users have unlocked
If a user chooses to use the app without signing in, they will be unable to access the shop and social pages. This is enforced via a popup that cannot be dismissed by a click, and will force the user to choose between going to the timer page, or logging in.
Image atteched:
If the user selects "No thanks!"m they are brought to the timer page. If the user selects "Log in / Sign up!", they are brought to the login page.