
How Trongate's Token System Works

The Trongate framework incorporates a built-in token system designed to facilitate authorization and authentication. Currently, this system operates in a database-driven manner, necessitating a connection to a MySQL database for full functionality.

System Overview

Trongate's token system is built on three primary modules, each corresponding to one of the database tables trongate_user_levels, trongate_users and trongate_tokens. Together, these components handle token-based authorization and authentication:

The following diagram illustrates the relationships between these three tables:

[Diagram: the relationship between Trongate's security tables, as shown in the Graphical Query Builder.]

Guiding Principles

To effectively utilize Trongate's token system, adhere to the following principles:

Database Integration

In a typical scenario, such as a private members' website, the 'members' table might include fields like 'first_name', 'last_name', and 'email'. For integration with Trongate’s token system:

Note that the trongate_user_levels, trongate_users, and trongate_tokens tables do not include a 'password' field. Instead, user passwords are securely stored (hashed) in the 'members' table or equivalent. This separation of concerns allows Trongate’s token system to focus solely on token management, while password storage is handled securely within the user-related tables.

All of the components described above connect members to Trongate's token-based security system, providing considerable flexibility and security.

[Diagram: integration of a 'members' table with Trongate's token system.]

Future-Proof Flexibility

The mechanism described is designed to be both flexible and future-proof. Notably:

Trongate does not need to manage the specifics of the login process for tokens to function effectively. Whether users authenticate via traditional username/password methods or alternative mechanisms, Trongate’s role remains to manage and validate tokens. This abstraction makes Trongate an appealing choice for developers working with mobile and web applications that require secure API endpoints.

Token Management

Trongate’s responsibilities regarding tokens include generation, validation, and management of expiration. Significant events that might trigger token generation include:

As a developer, you define which events warrant token generation. From Trongate’s perspective, the focus is on token creation, validation, and removal of expired tokens.
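The following Python model is an added illustration, not Trongate's own code or API. It shows the division of labour described above: the application verifies a hashed password held in its own members table, and the token layer only issues, validates and expires tokens held in trongate_tokens. An in-memory SQLite database stands in for MySQL, the current time is passed in explicitly, and every column name (and the members.trongate_user_id link) is an assumption made for the example.

```python
import hashlib
import secrets
import sqlite3
# In-memory SQLite stands in for MySQL; table names are from the page, column names are assumptions.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE trongate_user_levels (id INTEGER PRIMARY KEY, level_title TEXT);
CREATE TABLE trongate_users (id INTEGER PRIMARY KEY, user_level_id INTEGER);
CREATE TABLE trongate_tokens (token TEXT PRIMARY KEY, user_id INTEGER, expiry_date INTEGER);
CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT, trongate_user_id INTEGER);
""")

def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 stored as salt$hex; the hash lives in members, never in the token tables."""
    salt = secrets.token_hex(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt), 600_000)
    return f"{salt}${digest.hex()}"

def register_member(email, password, user_level_id=1):
    user_id = db.execute("INSERT INTO trongate_users (user_level_id) VALUES (?)",
                         (user_level_id,)).lastrowid
    db.execute("INSERT INTO members (email, password, trongate_user_id) VALUES (?, ?, ?)",
               (email, hash_password(password), user_id))
    db.commit()
    return user_id

def login(email, password, ttl_seconds, now):
    """The application verifies the credentials; the token system only issues the token."""
    row = db.execute("SELECT password, trongate_user_id FROM members WHERE email = ?",
                     (email,)).fetchone()
    if row is None or not secrets.compare_digest(hash_password(password, row[0].split("$")[0]), row[0]):
        return None
    return generate_token(row[1], ttl_seconds, now)

def generate_token(user_id, ttl_seconds, now):
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
    db.execute("INSERT INTO trongate_tokens VALUES (?, ?, ?)", (token, user_id, now + ttl_seconds))
    db.commit()
    return token

def validate_token(token, now):
    """Return the owning user_id, or None when the token is unknown or expired."""
    row = db.execute("SELECT user_id, expiry_date FROM trongate_tokens WHERE token = ?",
                     (token,)).fetchone()
    return None if row is None or row[1] <= now else row[0]

def purge_expired(now):
    count = db.execute("DELETE FROM trongate_tokens WHERE expiry_date <= ?", (now,)).rowcount
    db.commit()
    return count
```

Because validation only consults trongate_tokens, the same functions serve a browser session or a mobile client calling an API endpoint; how the token was earned is irrelevant to them.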

This overview provides a detailed understanding of Trongate's token system. The next section explores how these components function together.