In order to use this service as a user, I want to sign in to the service.
Acceptance criteria
APIs should meet the following:
- Given an email and a password that an unauthenticated user inputs
- When the user signs in
- Then it should find a user whose email equals the input email.
  - When it doesn't exist
    - Then it should throw an error.
  - When one user is found
    - Then it should encrypt the input password and compare it with the found user's encrypted password.
      - When they are not the same
        - Then it should throw an error.
      - When they are the same
        - Then it should authenticate the user, issue an authentication token and return it.
- Given a valid authentication token
- When the user visits some page or calls some API that only authenticated users can access
- Then it should authenticate the user, and issue a new token or update the existing token if required.
- Given an invalid authentication token
- When the user visits some page or calls some API that only authenticated users can access
- Then it should throw an error.
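As an added example (not part of the original story and not the project's code), here is one way the sign-in and token criteria above could be realised in Python. It assumes an in-memory user store, a salted PBKDF2 password hash standing in for the story's "encrypt" step, an HMAC-signed token with no expiry field, and a refresh threshold REFRESH_AFTER for the "issue a new token if required" branch; the secret, the thresholds and the sample user are all constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


class AuthError(Exception):
    """Raised on every sign-in or token failure.

    One generic message for 'no such user' and 'wrong password' keeps the
    API from confirming which emails are registered.
    """


@dataclass
class User:
    id: int
    email: str
    salt: bytes
    password_hash: bytes


PBKDF2_ROUNDS = 200_000           # assumption: tune to your latency budget
REFRESH_AFTER = 15 * 60           # assumption: re-issue a token older than 15 minutes
SECRET = secrets.token_bytes(32)  # assumption: in-memory signing key for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the story's 'encrypt' step done as a one-way hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_user(user_id: int, email: str, password: str) -> User:
    salt = os.urandom(16)
    return User(user_id, email, salt, hash_password(password, salt))


# Constructed sample users, indexed by the unique lookup field (email for now).
USERS_BY_EMAIL = {u.email: u for u in [make_user(1, "alice@example.test", "correct horse battery staple")]}
USERS_BY_ID = {u.id: u for u in USERS_BY_EMAIL.values()}
DUMMY_SALT = os.urandom(16)       # so a missing user costs the same time as a present one


def issue_token(user_id: int, now: int) -> str:
    """Token = '<user_id>:<issued_at>:<hmac>'. No expiry field: the story has no expiry rule yet."""
    payload = f"{user_id}:{now}"
    sig = hmac.new(SECRET, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def sign_in(email: str, password: str, now: int) -> str:
    """Given email and password: find the user, compare hashes, return a fresh token."""
    user = USERS_BY_EMAIL.get(email)
    if user is None:
        hash_password(password, DUMMY_SALT)  # keep timing uniform, then fail
        raise AuthError("invalid credentials")
    candidate = hash_password(password, user.salt)
    if not hmac.compare_digest(candidate, user.password_hash):  # constant-time compare
        raise AuthError("invalid credentials")
    return issue_token(user.id, now)


def authenticate(token: str, now: int) -> tuple[int, str]:
    """Given a token: verify it and return (user_id, token_to_keep_using).

    A valid but aging token is re-issued, which covers the story's
    'issue a new token or update the existing token if required'.
    """
    parts = token.split(":")
    if len(parts) != 3:
        raise AuthError("invalid token")
    user_id_str, issued_at_str, sig = parts
    payload = f"{user_id_str}:{issued_at_str}".encode("utf-8")
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise AuthError("invalid token")
    user_id = int(user_id_str)
    if user_id not in USERS_BY_ID:
        raise AuthError("invalid token")
    if now - int(issued_at_str) >= REFRESH_AFTER:
        return user_id, issue_token(user_id, now)
    return user_id, token


if __name__ == "__main__":
    t = sign_in("alice@example.test", "correct horse battery staple", now=1_700_000_000)
    print("signed in as user", authenticate(t, now=1_700_000_000)[0])
```

Both failing branches of the sign-in criteria raise the same error, and the not-found branch still runs a hash, so response content and timing do not reveal whether an email is registered. The user store is keyed by the lookup field, which keeps the later "other unique field" note to a change of index rather than of flow; an expiry rule, once specified, would be an extra field in the token payload checked in authenticate.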
You should do:
- Specify the APIs for the client developer to use.
Note
- There is no information yet about the expire date of the token.
- The client might later require allowing sign-in with another unique field.