Under the hood

How does our authentication work?

When a user visits your frontend application, your frontend can make a request to Authdog services to determine if the current user is logged in.

TL;DR


When a user visits your frontend application, your frontend can make a request to Authdog to determine whether the current user is logged in and to retrieve their user information. If the user is logged in, you will receive a JSON Web Token (JWT) access token and the user's metadata. Once you have the user's access token, your backend can validate the token and identify its owner. This validation is done on your backend, interacting with Authdog Edge Identity services. The access token's lifetime is set in the JWT Manager module in Authdog Console. Once the token expires, the user is logged out of your application.

How to block a user?

Since JWTs are stateless, there is no way to invalidate a token dynamically. However, if you want to block a user from accessing your application, you can do it in two steps:
  • Block the user in the Access Management module of Authdog Console
  • Rotate your signing keys in the JWT Manager module of Authdog Console
This will force all users to reauthenticate and generate a new token. The blocked user will not be able to generate a new token and will be redirected to an error page instead.
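
The backend validation and the block-by-rotation steps described above, as an added example that is not Authdog's code: a validator that checks only signature and expiry, showing why a blocked user's existing token stays accepted until its signing key is rotated out. HS256 with constructed shared secrets, the `kid` values and all function names are assumptions chosen to keep it standard-library Python.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue(kid, secret, sub, exp):
    """Constructed issuer standing in for the identity provider (assumption)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT", "kid": kid}).encode())
    payload = b64url(json.dumps({"sub": sub, "exp": exp}).encode())
    return f"{header}.{payload}.{b64url(sign(secret, header + '.' + payload))}"

def validate(token, active_keys, now):
    """Stateless backend check: needs only the token and the current key set."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False, "malformed"
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return False, "unexpected alg"
    kid = header.get("kid")
    secret = active_keys.get(kid) if isinstance(kid, str) else None
    if secret is None:  # key was rotated out, or never existed
        return False, "unknown key"
    if not hmac.compare_digest(sig, sign(secret, header_b64 + "." + payload_b64)):
        return False, "bad signature"
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    return True, payload.get("sub")

def demo():
    t0 = 1_700_000_000  # constructed clock value
    keys = {"k1": b"constructed-secret-1"}  # constructed key set
    blocked = issue("k1", keys["k1"], "blocked-user", t0 + 3600)
    before = validate(blocked, keys, t0 + 60)  # still accepted: no state to revoke
    keys = {"k2": b"constructed-secret-2"}  # rotation replaces the key set
    after = validate(blocked, keys, t0 + 120)
    fresh = validate(issue("k2", keys["k2"], "other-user", t0 + 3720), keys, t0 + 130)
    return before, after, fresh
```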


© 2023 Authdog LLC. All rights reserved.