Your own login and registration system for an app

A ready sign-in backend: registration, login and tokens with secure password storage — all on your own server.

  • Registration, login, verification and refresh out of the box
  • Passwords are stored in hashed form
  • Short working tokens and long refresh tokens
  • No separate paid auth service
Webhook

How it works

To connect Webhook and , you don't need a developer: a ready-made scenario links them in minutes.

  1. Starts when: Registration Webhook
  2. Then: Parse Register Request
  3. Then: Validate Registration Request
  4. Then: Get User By Username
  5. Check: If Username Is Available
  6. If yes: Get User By Email
  7. Check: If Email Is Available
  8. If yes: Generate Salt
  9. Then: Format Password & Salt
  10. Then: Hash Password
  11. Then: Format User Data
  12. Then: Create User
  13. Starts when: Registration Successful
  14. Starts when: Error Registration Response
  15. If no: Email Taken Error
  16. If no: Username Taken Error
  17. Starts when: Registration Request Invalid Error
  18. Then: Process login webhook
  19. Then: SET ACCESS AND REFRESH SECRET
  20. Then: Verify Input
  21. Then: Get User
  22. Check: If User Exists
  23. If yes: Extract Salt & Hash
  24. Then: Hash Input Password
  25. Then: Verify Password
  26. Then: Create JWT Payload
  27. Then: Sign Access Token
  28. Check: Merge JWT Tokens
  29. Then: Format JWT Tokens
  30. Then: Hash Refresh Token for Storage
  31. Then: Code in JavaScript
  32. Then: Update User Refresh Token
  33. Check: Merge
  34. Starts when: Login Successful
  35. Then: Store Refresh Token
  36. Then: Sign Refresh Token
  37. Starts when: Login Credentials Invalid Response
  38. If no: User Not Found
  39. Starts when: Bad Request
  40. Then: Parse JWT
  41. Then: SET ACCESS AND REFRESH SECRET2
  42. Then: Verify HMAC Signature
  43. Then: Compare Signatures
  44. Starts when: Access Token Valid
  45. Starts when: Access Token Invalid
  46. Starts when: Verify Access Token
  47. Then: Process Verify Token Webhook
  48. Starts when: When Executed by Another Workflow
  49. Starts when: Refresh Access Token
  50. Then: Process Refresh Token
  51. Then: SET ACCESS AND REFRESH SECRET1
  52. Then: Parse Refresh Token
  53. Then: Verify Signature
  54. Then: Compare Refresh Token Signature
  55. Then: Hash Refresh Token For DB Lookup
  56. Then: If Refresh Token Exists
  57. Check: If Refresh Token Is Valid
  58. If yes: Create Access Token Payload
  59. Then: Sign New Access Token
  60. Then: Format Access Token JWT
  61. Starts when: Return New Access Token
  62. If no: Session Expired
  63. Starts when: Login Webhook

You can launch this integration in Scriptera: describe the task in plain words — the scenario is built, launched and monitored for you.