Authentication Flow
Introduction
The Sparrow app is expected to be used by four categories of users:
- Indie Developers
- Small teams (students + early stage startups)
- Mid sized companies
- Enterprises
Each user type has different expectations of Sparrow in terms of deployment mode, flexibility requirements and budget constraints.
Sparrow can either be used directly by signing up on SparrowApp.dev or, in certain cases, be self-hosted for more flexibility and customization.
Here is the current expectation of how the flow should work.
Auth Flow of the Application in detail
Sparrow doesn't have a built-in login flow in the same way as a web application would. However, you can simulate a login flow in Sparrow using various authentication methods like Basic Auth, OAuth 2.0, API keys, etc. Here's a general outline of how you might simulate a login flow in Sparrow using OAuth 2.0:
- SignUp/SignIn the traditional way: You can sign up via the traditional register flow, which lives on the Sparrow web application (you are redirected there from the desktop app when you click the signIn/signUp button). Once registered successfully, the user is redirected back to the Sparrow app after login.
- Set up SignUp/SignIn OAuth 2.0 in Sparrow: You can log in via different OAuth platforms like Google/GitHub. For this you have to click on the login button in the app, which will redirect you to the web application login of Sparrow.
- Get Authorization Code: Send a request to the authorization URL using Sparrow's built-in authentication helpers. This will typically redirect you to a login page where you can authenticate and authorize the application.
- Exchange Authorization Code for Access Token: After successful login, Sparrow will automatically handle the exchange of the authorization code for an access token by sending a request to the token URL with the appropriate parameters.
- Use Access Token: Once you receive the access token, you can use it in the Authorization header of your API requests to access protected resources.
- Handle Token Expiry and Refresh: If the access token expires, you may need to manually refresh it using the refresh token if provided, or repeat steps 2-4 to obtain a new access token.
This is a basic overview, and the exact steps may vary depending on the specific authentication method you're using and the configuration of your authentication server.
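The authorization-code steps above, sketched from the desktop client's side as an added example (not Sparrow's own code). The endpoint, client id and `sparrow://auth/callback` redirect URI are hypothetical placeholders, and the `state` check and PKCE (S256) parameters are standard OAuth 2.0 hardening for native apps that this page does not itself describe.

```javascript
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");

// Hypothetical endpoint and client values; the page does not specify them.
const CFG = {
  authorizeUrl: "https://auth.example.test/oauth/authorize",
  clientId: "desktop-client-placeholder",
  redirectUri: "sparrow://auth/callback",
};
const b64url = (buf) => buf.toString("base64url");

// "Get Authorization Code": build the URL the desktop app opens in the browser.
function beginLogin(cfg = CFG) {
  const state = b64url(randomBytes(32));    // binds the callback to this login attempt
  const verifier = b64url(randomBytes(32)); // PKCE secret, kept inside the app
  const url = new URL(cfg.authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code", client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    state, code_challenge: b64url(createHash("sha256").update(verifier).digest()),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Redirect back to the desktop app: accept only a callback tied to the pending login.
function readCallback(callbackUrl, pending, cfg = CFG) {
  if (!callbackUrl.startsWith(cfg.redirectUri + "?")) throw new Error("unexpected redirect target");
  const q = new URL(callbackUrl).searchParams;
  if (q.get("error")) throw new Error("authorization failed: " + q.get("error"));
  const got = Buffer.from(q.get("state") || ""), want = Buffer.from(pending.state);
  if (got.length !== want.length || !timingSafeEqual(got, want)) throw new Error("state mismatch");
  if (!q.get("code")) throw new Error("missing code");
  return q.get("code");
}

// "Exchange Authorization Code for Access Token": form body sent to the token URL.
function tokenRequestBody(code, pending, cfg = CFG) {
  return new URLSearchParams({
    grant_type: "authorization_code", code, redirect_uri: cfg.redirectUri,
    client_id: cfg.clientId, code_verifier: pending.verifier,
  }).toString();
}

// "Handle Token Expiry and Refresh": decide before each API call, with a small skew.
function nextAction(token, nowSec, skewSec = 30) {
  if (nowSec < token.obtainedAt + token.expires_in - skewSec) return "use";
  return token.refresh_token ? "refresh" : "reauthorize";
}
```

When `nextAction` returns `"use"`, the access token goes into the `Authorization` header of the API request; `"reauthorize"` means starting again from `beginLogin`.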
Step by step flow
Starting from the desktop application, there is a login button for initiating the login process.
The Sparrow app will redirect you to the web application, which has the complete login/signup flow as well as the Google authentication flow.
Traditional Approach
- Once the user goes to the web application, they can sign up with the required details like name, email, password etc.
- After completing the signup process, you can log in to the same web application, and after successful authentication it will redirect back to the desktop app. Here you will be logged in directly to the application and can start using Sparrow.
OAuth Approach
- Another way of signing in is via Google authentication or GitHub authentication.
- Once you are redirected to the login web application of Sparrow, you can click on the Google button.
- The moment you click the Google button, you will be redirected to your Google account, which will ask you to authorize Sparrow to fetch certain details that are mandatory for logging in to the Sparrow app.
- Once you approve, the web app will get the authentication token, which will be passed on to the Sparrow app. You will be prompted to open the Sparrow app or, if this was already allowed, redirected to it, and you can start using the Sparrow app.