| Client | Server |
|---|---|
| OAuth login to get auth code. | |
| Send auth code | Exchange auth code for token from UtahID and return it to client |
| Send user info to API login | |
| — all future requests — | |
| Sends access token header | Validate token with userinfo UtahID endpoint |
| Caches tokens in Firestore if they are not expired so that we don’t hammer userinfo endpoint. | |
| If access token is expired, send refresh token to server | Exchanges refresh token for new access token |
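
The server-side step from the flow above (validate the access token against the userinfo endpoint, but cache unexpired tokens so the endpoint is not hit on every request), as an added example that is not this project's code. A `Map` stands in for Firestore, and `fetchUserInfo`, its `{ sub, email, exp }` result shape, and the `Bearer` header format are assumptions.

```javascript
// Added example. A Map stands in for the Firestore collection; fetchUserInfo is a
// hypothetical wrapper around the provider's userinfo call (assumed to resolve to
// { sub, email, exp } with exp in epoch seconds, or null when the token is rejected).
const { createHash } = require('node:crypto');

// Key the cache by SHA-256 of the token so raw bearer tokens are never stored.
const keyFor = (token) => createHash('sha256').update(token).digest('hex');

function createTokenValidator({ fetchUserInfo, store = new Map(), maxCacheMs = 300000, now = Date.now }) {
  return async function validate(authorizationHeader) {
    // Assumption: the access token arrives as "Authorization: Bearer <token>".
    const match = /^Bearer ([A-Za-z0-9._~+/-]+=*)$/.exec(authorizationHeader || '');
    if (!match) return { ok: false, reason: 'malformed' };
    const key = keyFor(match[1]);

    const cached = store.get(key);
    if (cached && cached.expiresAt > now()) {
      return { ok: true, user: cached.user, source: 'cache' };
    }
    store.delete(key); // expired or absent: never serve a stale entry

    // Cache miss: ask the identity provider. Any failure is treated as a rejection.
    let info;
    try {
      info = await fetchUserInfo(match[1]);
    } catch {
      return { ok: false, reason: 'provider-error' };
    }
    if (!info || !info.sub) return { ok: false, reason: 'rejected' };

    // Never cache past the token's own expiry, and cap the window so a token
    // revoked at the provider is re-checked within maxCacheMs.
    const tokenExpMs = typeof info.exp === 'number' ? info.exp * 1000 : Infinity;
    const expiresAt = Math.min(tokenExpMs, now() + maxCacheMs);
    if (expiresAt <= now()) return { ok: false, reason: 'expired' };

    const user = { sub: info.sub, email: info.email };
    store.set(key, { user, expiresAt });
    return { ok: true, user, source: 'provider' };
  };
}
```
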

| Client | Server |
|---|---|
| OAuth login (auto exchanges code for token on the front end) | |
| Get user props via Google userinfo endpoint | |
| Send user info to API login | |
| — all future requests — | |
| Sends access token header | Validate token with Google userinfo endpoint. |
| If access token is expired, kick off OAuth again. (I wonder if there is a refresh code that we could use rather than prompting for login again) | |

| Client | Server |
|---|---|
| OAuth login | |
| Use FB API to get access token | |
| Get user info via GraphQL FB API | |
| Send user info to API login | |
| — all future requests — | |
| Sends access token header | Validate token via GraphQL /me endpoint |
| FB API takes care of refreshing token for us | |

| Client | Server |
|---|---|
| Login returns auth code, identity token, and user email/name on first request | |
| Send auth code & identity token | Verify identity token, exchange code for access token |
| Send user info to API login | |
| — all future requests — | |
| Send id token header | Check that it matches cached version from auth code exchange above or a cached refresh token |
| If expired, request new token from server | Use cached refresh token to get a new id token |