I am reading the docs in the Stormpath website. They have documentation about how to create account, application...
But I cannot find the overview the big picture of the Stormpath
especially how can my web application can integrate with it.
I need a picture that describe the flow of the authentication between my Web Server, browser, and stormpath API.
I have a web application and a login page.
My specific questions are:
- When a user clicks the submit button of the login page, should I call the RestAPI to Stormpath to authenticate or I need to send username and password to my web server, and web server will send it to Stormpath to authenticate?
- If when a user clicks the submit button and I need to call the RestAPI of Stormpath from JavaScript, after login successfully do I have a returned Access token? And what can I do with that token.
Please help me.
Heyo -- I work at Stormpath, so hopefully I can explain this for you a bit.
If you're building a website, and storing your users with Stormpath, here's how authentication works:
- A user visits your website, and clicks the login page.
- You show a login page and collect the user's email and password (or username).
- The user clicks Login, and that form data is transferred to your web server (not Stormpath!).
- On your server-side code, you would then use one of the Stormpath libraries to authenticate the user's account. You would take the form data the user submitted to your server, and then call the proper Stormpath method to authenticate the user.
- Stormpath will log this user in, by creating an access and refresh token, and securely storing cookies for your user in the browser.
This is how the flow typically works.