Stateless Authentication Flow

```mermaid
sequenceDiagram
    participant User
    participant Client as Client (App)
    participant AuthServer

    User ->> Client: Login (username/password)
    Client ->> AuthServer: Send credentials
    AuthServer -->> Client: Access Token + Refresh Token

    Note over Client: Store Access Token + Refresh Token

    Client ->> AuthServer: Access resource (send Access Token)
    AuthServer -->> Client: Valid → Return data

    Note over Client: Access Token expires

    Client ->> AuthServer: Send Refresh Token (POST /auth/refresh)
    AuthServer -->> AuthServer: Validate Refresh Token
    alt Refresh Token valid
        AuthServer -->> Client: New Access Token (maybe new Refresh Token)
    else Invalid/Expired
        AuthServer -->> Client: 401 Unauthorized → Force re-login
    end
```

In this design the access token lasts around 10 minutes and the refresh token around 7 days.
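A minimal server-side sketch of the flow above, added here as an example and not code from the original page: the access token is a self-contained HMAC-signed token (so the server stays stateless for resource requests), the refresh token is an opaque random value stored only as a hash, and `/auth/refresh` either rotates the refresh token (single use) or answers 401 to force re-login. The key, the in-memory store, the function names and the explicit `now` parameter (passed in so expiry can be exercised) are all assumptions.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-key-not-for-production"  # assumed HMAC key
ACCESS_TTL = 10 * 60            # 10 minutes, as stated on the page
REFRESH_TTL = 7 * 24 * 3600     # 7 days, as stated on the page

# Assumed server-side store: sha256(refresh_token) -> (username, expiry).
# Only the hash is kept, so a leaked store does not yield usable refresh tokens.
refresh_store = {}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_access_token(username: str, now: float) -> str:
    """Stateless token: base64(claims).base64(HMAC-SHA256 over the claims)."""
    payload = _b64(json.dumps({"sub": username, "exp": now + ACCESS_TTL}).encode())
    return f"{payload}.{_sign(payload)}"

def verify_access_token(token: str, now: float):
    """Return the subject if signature and expiry check out, else None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(payload)):   # constant-time compare
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims["sub"] if claims["exp"] > now else None

def issue_refresh_token(username: str, now: float) -> str:
    """Opaque random token; the server remembers only its hash and expiry."""
    token = secrets.token_urlsafe(32)
    refresh_store[hashlib.sha256(token.encode()).hexdigest()] = (username, now + REFRESH_TTL)
    return token

def login(username: str, now: float) -> dict:
    """Response to a successful credential check: both tokens."""
    return {"access_token": issue_access_token(username, now),
            "refresh_token": issue_refresh_token(username, now)}

def refresh(refresh_token: str, now: float):
    """POST /auth/refresh: rotate the refresh token or return 401 (force re-login)."""
    key = hashlib.sha256(refresh_token.encode()).hexdigest()
    entry = refresh_store.pop(key, None)   # single use: a replayed token is rejected
    if entry is None or entry[1] <= now:
        return 401, {"error": "Unauthorized"}
    return 200, login(entry[0], now)
```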