Login Flows Overview
Learn how Pangea's AuthN works
The result of user authentication using AuthN is a pair of tokens, an active token and a refresh token, that your application receives as confirmation of an active user session in your Pangea project. The response from Pangea also includes user profile information.
After the user has been authenticated, your application can track the user's session locally using cookie-based session management and check for a session cookie in requests to login-protected areas.
Alternatively, your application can include cryptographically signed tokens in the Authorization header in requests sent to protected resources.
To keep user sessions in your application and at Pangea in sync, your application can use the token values to periodically check and renew the user session at Pangea.
Active token
The active token serves as an access token used to access login-protected areas in your application.
- The active token value can be an opaque string that you use to check for an active user session in your Pangea project using AuthN APIs.
- Alternatively, via a setting in the Pangea User Console, the token value can be a standard cryptographically signed JSON Web Token (JWT). A signed JWT can serve as an authoritative source of claims about the user and as confirmation of user authentication to Pangea. A valid JWT can be used for user identification in requests to login-protected areas in your application. Additionally, a non-decoded JWT value can be used to validate the user session at Pangea using AuthN APIs, just like an opaque active token value.
In the Pangea User Console, you can specify the lifespan of active tokens. Typically, active tokens are short-lived. After they expire, you can renew them using the refresh token.
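The check an application might run on each request to a login-protected area when the active token is a signed JWT, as an added example that is not Pangea's code: it verifies the signature, then uses the `exp` claim to tell a live session from one that needs renewal with the refresh token. HS256, the shared `SECRET`, the `exp` claim and all function names are assumptions chosen so the example runs offline; the page does not state the signing algorithm or how the verification key is obtained.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: stand-in for the real verification key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a constructed HS256 JWT to use as sample input."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def check_request(headers: dict, now: float, key: bytes = SECRET):
    """Return (decision, claims): 'allow', 'renew' (expired) or 'reject'."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return "reject", None
    head, body, sig = token.split(".")
    try:
        header = json.loads(_unb64(head))
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except (ValueError, TypeError):
        return "reject", None
    # Pin the algorithm: the token must not choose "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "reject", None
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return "reject", None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)):
        return "reject", None
    # Valid signature but past expiry: the caller renews with the refresh
    # token; claims from an expired token are not handed back.
    return ("allow", claims) if now < exp else ("renew", None)
```

A `renew` result is the point at which the application would exchange the refresh token for a new active token; a `reject` result means the request is treated as unauthenticated.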
Refresh token
The refresh token is used to renew an expired active token. When the refresh token expires, the user must re-authenticate. Thus, refresh tokens can be long-lived; they present a high security risk if leaked and should be handled with great care.
Integration options
You can implement login functionality in your application with AuthN by using Pangea's Hosted Login or by direct interactions with the login flow APIs.