This document provides documentation for the authentication endpoints available in the backend.
Base URL: /auth
Authentication Flow
Initiate Login: The frontend redirects the user to the respective provider's endpoint (e.g., /auth/steam).
Provider Redirect: The backend redirects the user to the social provider's login page.
Callback Handling: After a successful login, the provider redirects the user back to the backend's callback URL.
Token Issuance: The backend authenticates the user, generates a JWT, and redirects the user back to the frontend with the token in the URL (e.g., ?token=...).
Storage: The frontend captures the token from the URL, stores it (e.g., localStorage), and redirects to a clean URL.
Authorization: Subsequent requests from the frontend must include the token in the Authorization header using the Bearer scheme:
Authorization: Bearer <your_jwt_token>
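The frontend side of the flow above (capture the token from MAIN_URL?token=..., store it, replace the URL with a clean one, attach the Bearer header), as an added example that is not code from the original documentation or the project. The function names, the 'token' storage key and the client-side expiry check are my own assumptions; the backend remains the only party that verifies the JWT signature.

```javascript
// Added example (not the project's code): frontend helpers for the flow above.
// Function names and the 'token' storage key are assumptions.
// Pull the JWT out of the redirect URL (MAIN_URL?token=<jwt>); null if absent.
function extractToken(url) {
  return new URL(url).searchParams.get('token') || null;
}

// Same URL without the token parameter, so the JWT does not stay in the
// address bar, browser history or the Referer of later navigations.
function cleanUrl(url) {
  const u = new URL(url);
  u.searchParams.delete('token');
  return u.toString();
}

// base64url -> string (browsers via atob, Node via Buffer).
function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return typeof atob === 'function'
    ? atob(padded)
    : Buffer.from(padded, 'base64').toString('binary');
}

// Decode the payload WITHOUT verifying the signature (the client has no key;
// the backend stays the authority). Only used to skip an already expired token.
function jwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS/JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}
function isExpired(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = jwtPayload(token);
  return typeof exp === 'number' && exp <= nowSeconds;
}

// Header for every later request, as required by the Authorization step.
function authHeaders(token) {
  return { Authorization: `Bearer ${token}` };
}

// Run once when the provider callback lands on MAIN_URL; storage/location/
// history are parameters so the logic can be exercised outside a browser.
function completeLogin(storage, location, history) {
  const token = extractToken(location.href);
  if (!token || isExpired(token)) return null;
  storage.setItem('token', token);
  history.replaceState(null, '', cleanUrl(location.href));
  return token;
}
```

In the browser, call completeLogin(window.localStorage, window.location, window.history) on page load, then pass authHeaders(token) to fetch for calls such as /auth/me.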
Endpoints
1. GET /auth/steam
Initiates authentication via Steam.
Response
Redirects: To the Steam OpenID login page.
2. GET /auth/steam/return
Callback for Steam authentication.
Response
Redirects: To MAIN_URL?token=<jwt_token>.
3. GET /auth/google
Initiates authentication via Google.
Response
Redirects: To the Google OAuth2 login page.
4. GET /auth/google/callback
Callback for Google authentication.
Response
Redirects: To MAIN_URL?token=<jwt_token>.
5. GET /auth/me
Retrieves the currently authenticated user's profile information.
Request
Headers: Authorization: Bearer <token>
Response
Status 200 (Success): Returns the user object.
Status 401 (Unauthorized): Missing or invalid token.
6. GET /auth/logout
Stateless logout.
Response
Status 200 (Success): { "success": true, "message": "Logged out successfully" }
Note: Since the system is stateless, the frontend should delete the stored JWT.
Socket.io Authentication
To authenticate a Socket.io connection, pass the token in the auth object during connection: