this post was submitted on 09 Jul 2023
15 points (100.0% liked)
Programming
13370 readers
2 users here now
All things programming and coding related. Subcommunity of Technology.
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't know how kbin login works and I didn't tested it, but here are my thoughts: the single sign on (like login with google) mostly works using the oauth2 workflow. You can use your favorite search engine and look for a nice wall of text for how it works. But basically the identity server (google) approves that you are who you said you are, and kbin uses an access token, for example a JWT token which includes your user information and the issuer, here Google. Kbin can ask Google for validity of the contents of that token, which kbin can approve against Google. So now you are logged into kbin using Google. This token has an expiration, and after that you have to login again. But since this is very inconvenient, there is also a refresh token. Using this token, google with give you a new valid access token with an expiration from now to whatever, let's say a week. This process happens in the back and is silent, so it works without entering your credentials, if it refreshes before expiration. If you don't login into kbin in that time window, you will probably have to enter your credentials again, because the tokens expired. Keep in mind that this summary is not very accurate since it's very simplified and describes the oauth2 process, not specifically what kbin and google are doing.