Skip to content

Improve the documentation and the auth flow #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Kalemeeracollins wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Improve the documentation and the auth flow #51

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,14 @@ GreenCode/
└── docker-compose.yml # Docker orchestration


## 🔐 Authentication

Detailed authentication flow documentation is available here:

👉 docs/auth-flow.md

This includes:
- Login process
- Token usage
- Password reset flow
- Request and response examples
104 changes: 104 additions & 0 deletions docs/auth-flow.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
# 🔐 Authentication Flow

This document explains how authentication works in BOS and how frontend and backend systems interact using JWT/OAuth.

---

## 📌 Overview

BOS uses token-based authentication (JWT/OAuth) to secure API endpoints.
Users must authenticate to receive a token, which is then used to access protected resources.

---

## 🔑 Login Flow

### Description
Users provide credentials to log in and receive an authentication token.

### Endpoint
POST /api/auth/login

### Request Example
- Method: POST
- URL: /api/auth/login
- Body:
- email: user@example.com
- password: password123

### Response Example
- Status: Success
- Data:
- token: abc123xyz
- user:
- id: 1
- name: John Doe

---

## 🎟️ Token Usage

### Description
After login, the client must include the token in all protected requests.

### How to Use Token
- Add token in request headers
- Format:
Authorization: Bearer <token>

### Example Request
- Method: GET
- URL: /api/users
- Header:
Authorization: Bearer abc123xyz

### Response Example
- Status: Success
- Data: List of users

---

## 🔄 Password Reset Process

### Step 1: Request Password Reset

**Endpoint:** POST /api/auth/forgot-password

**Request Example:**
- email: user@example.com

**Response Example:**
- Status: Success
- Message: Password reset link sent

---

### Step 2: Reset Password

**Endpoint:** POST /api/auth/reset-password

**Request Example:**
- token: reset_token_here
- new_password: newpassword123

**Response Example:**
- Status: Success
- Message: Password reset successful

---

## 🔐 Authentication Notes

- Tokens may expire after a certain time
- Expired tokens require re-login
- Always keep tokens secure on the client side

---

## 📌 Summary

- Login → Receive Token
- Use Token → Access Protected APIs
- Reset Password → If user forgets credentials

This flow ensures secure communication between frontend and backend systems.