I signed in with my Google account. I was looking at the cookies kbin sets and the user token REMEMNERME is only set to last for one week.

Does this mean I have to religion after a week?

If not, how does kbin know to keep me logged in after the REMEMBERME cookie expires?

  • bocian67@feddit.de
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I don’t know how kbin login works and I didn’t tested it, but here are my thoughts: the single sign on (like login with google) mostly works using the oauth2 workflow. You can use your favorite search engine and look for a nice wall of text for how it works. But basically the identity server (google) approves that you are who you said you are, and kbin uses an access token, for example a JWT token which includes your user information and the issuer, here Google. Kbin can ask Google for validity of the contents of that token, which kbin can approve against Google. So now you are logged into kbin using Google. This token has an expiration, and after that you have to login again. But since this is very inconvenient, there is also a refresh token. Using this token, google with give you a new valid access token with an expiration from now to whatever, let’s say a week. This process happens in the back and is silent, so it works without entering your credentials, if it refreshes before expiration. If you don’t login into kbin in that time window, you will probably have to enter your credentials again, because the tokens expired. Keep in mind that this summary is not very accurate since it’s very simplified and describes the oauth2 process, not specifically what kbin and google are doing.