Single-User Password Token

From nuBuilderForte
Revision as of 13:44, 13 June 2024 by Kev1n (talk | contribs) (Single-User Password Token)

The purpose of the single-use token system in nuBuilder is to enhance security, particularly in scenarios where you might need to perform automated logins or grant temporary access to the system without exposing permanent passwords. This article outlines the key purposes and use cases for this system.

Purpose of the Token System

Enhanced Security

  • Temporary Access: Tokens provide a secure way to grant temporary access to users. Once used, the token is invalidated, minimising the risk of unauthorised access if the token is intercepted.
  • No Password Exposure: By using tokens instead of passwords, you avoid exposing permanent credentials in URLs or other potentially insecure places.

Automated Processes

  • Auto-Login: Useful for systems that need to automatically log users in, such as background processes or integration with other applications.
  • Single Sign-On (SSO): Integrate nuBuilder with other authentication systems, allowing users to log in once and gain access to multiple systems.

User Experience

  • Passwordless Login: Simplifies the login process for users by providing a secure link or token to log in without remembering their password.
  • One-Time Actions: Facilitates one-time actions like password resets, email verifications, or accessing specific resources.

Use Cases

Automated Workflows

  • Another system can generate a token, store it in the nuBuilder database, and provide a link for the user to access nuBuilder directly without additional authentication steps. This is useful for systems that need to transition users between platforms seamlessly.

Temporary Access Links

  • Create temporary access links for users to perform specific tasks. For example, an admin can send a user a link to approve a document or complete a form, with the link expiring after one use.

Secure API Access

  • Allow external systems to authenticate with nuBuilder using single-use tokens, providing a secure way to interact with the system programmatically without exposing long-term credentials.

Setting the Token

Token Generation on Another System

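  • Example (PHP; $pdo is assumed to be an open PDO connection to the nuBuilder database):
// On the external system
$token = bin2hex(random_bytes(32)); // 256-bit token from the OS CSPRNG
$user_id = '5f958ad8b8c613d';       // zzzzsys_user_id of the user to log in
$sus_json = json_encode(['LOGIN_TOKEN' => $token]);
// Parameterised update, so neither value is interpolated into the SQL text
$stmt = $pdo->prepare('UPDATE zzzzsys_user SET sus_json = ? WHERE zzzzsys_user_id = ?');
$stmt->execute([$sus_json, $user_id]);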
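
The following is an added example, not code from nuBuilder or from this article. It issues a token into sus_json and then models the "once used, the token is invalidated" behaviour described above. The helper names issueLoginToken and redeemLoginToken are hypothetical, an in-memory SQLite table stands in for the nuBuilder database, and sus_json is assumed to be a text column.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the nuBuilder database: SQLite in memory, holding
// only the table and the two columns named on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE zzzzsys_user (zzzzsys_user_id TEXT PRIMARY KEY, sus_json TEXT)');
$pdo->exec("INSERT INTO zzzzsys_user VALUES ('5f958ad8b8c613d', NULL)");

// Hypothetical helper: store a fresh token for the user in sus_json.
function issueLoginToken(PDO $pdo, string $userId): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $upd = $pdo->prepare('UPDATE zzzzsys_user SET sus_json = ? WHERE zzzzsys_user_id = ?');
    $upd->execute([json_encode(['LOGIN_TOKEN' => $token]), $userId]);
    if ($upd->rowCount() !== 1) {
        throw new RuntimeException('unknown user id');
    }
    return $token;
}

// Hypothetical model of invalidate-on-use (not nuBuilder's own login code).
function redeemLoginToken(PDO $pdo, string $userId, string $presented): bool
{
    $sel = $pdo->prepare('SELECT sus_json FROM zzzzsys_user WHERE zzzzsys_user_id = ?');
    $sel->execute([$userId]);
    $raw = (string) $sel->fetchColumn();
    $data = json_decode($raw, true);
    $stored = is_array($data) ? ($data['LOGIN_TOKEN'] ?? '') : '';
    if (!is_string($stored) || $stored === '' || !hash_equals($stored, $presented)) {
        return false; // no token on file, or a constant-time mismatch
    }
    // Compare-and-swap: clear the token only if the row still holds the value just
    // checked, so of two concurrent requests with the same token only one succeeds.
    unset($data['LOGIN_TOKEN']);
    $upd = $pdo->prepare(
        'UPDATE zzzzsys_user SET sus_json = ? WHERE zzzzsys_user_id = ? AND sus_json = ?'
    );
    $upd->execute([json_encode((object) $data), $userId, $raw]);
    return $upd->rowCount() === 1;
}

$token = issueLoginToken($pdo, '5f958ad8b8c613d');
var_dump(redeemLoginToken($pdo, '5f958ad8b8c613d', $token)); // first presentation
var_dump(redeemLoginToken($pdo, '5f958ad8b8c613d', $token)); // replay of the same token
```

Because the clearing UPDATE is conditional on the stored value, the check and the invalidation cannot be separated by a second request presenting the same token.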


Conclusion

The single-use token system in nuBuilder is designed to improve security and flexibility in user authentication. By leveraging tokens, you can securely implement auto-login, temporary access, and integration with other systems without exposing passwords or permanent credentials.