Concepts

Table of Contents

  1. Servers
  2. Sessions
  3. Users
  4. Accounts

Servers

The nextAuth Server (NS) allows you to set up multiple (virtual) servers on a single NS instance. Virtual servers are isolated from each other and share no data (sessions, users, accounts); the only thing they have in common is the NS process and its database. A server is identified by a random Server ID and has a public/private keypair that is used for server authentication. The ID and the keypair are generated automatically when a server is created through the API.

Every server can be configured separately with its own name, logo, and second-factor settings.

Sessions

Whenever the mobile app authenticates, it does so with respect to a specific session. A session identifier, called Nonce in the API documentation, is an opaque string chosen by the user of the API; the NS does not impose a format. It must be unpredictable, so that one session cannot be guessed from or confused with another: we recommend generating at least 128 random bytes from a cryptographically secure random number generator and encoding them in hexadecimal or base64.

Given the session identifier, you can check through the API whether a mobile app has authenticated for that specific session and, if so, which user (and which of the user's accounts) is logged in.

Internally, neither the Mobile SDK nor the NS uses the session identifier directly; both work with an identifier derived from it.
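The following is an added example of the backend-side handling of a session identifier; it is not code from the nextAuth SDK or the NS. It mints the nonce from the operating system's CSPRNG, gives it a bounded lifetime, and lets the authentication result be consumed only once. The names (mint_nonce, LoginTracker, fake_ns_status) are hypothetical, and fake_ns_status is a constructed stand-in for the real API call that reports whether the app has authenticated for a nonce.

```python
"""Minting and tracking session identifiers (nonces) for an NS integration.

Added example, not part of the nextAuth SDK or documentation. The API lets the
caller choose the nonce; this shows one way to choose it safely and to keep it
single-use with an expiry. All class and function names are hypothetical.
"""
import base64
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

NONCE_BYTES = 128  # the documentation recommends at least 128 random bytes


def mint_nonce(encoding: str = "hex", nbytes: int = NONCE_BYTES) -> str:
    """Return a fresh nonce from the OS CSPRNG, hex- or base64-encoded."""
    if nbytes < NONCE_BYTES:
        raise ValueError(f"nonce must be at least {NONCE_BYTES} random bytes")
    raw = secrets.token_bytes(nbytes)  # CSPRNG; never random.random() or uuid1
    if encoding == "hex":
        return raw.hex()
    if encoding == "base64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError(f"unsupported encoding: {encoding}")


@dataclass
class PendingLogin:
    nonce: str
    expires_at: float
    consumed: bool = False


class LoginTracker:
    """Backend-side bookkeeping for nonces handed to the NS API (hypothetical)."""

    def __init__(self, ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl_seconds
        self._clock = clock  # injectable for testing expiry
        self._pending: Dict[str, PendingLogin] = {}

    def start_login(self) -> str:
        """Mint a nonce for a new login attempt and remember it until it expires."""
        nonce = mint_nonce()
        self._pending[nonce] = PendingLogin(nonce, self._clock() + self._ttl)
        return nonce

    def _get_live(self, nonce: str) -> Optional[PendingLogin]:
        entry = self._pending.get(nonce)
        if entry is None:
            return None
        if entry.expires_at <= self._clock():
            del self._pending[nonce]  # stale attempt: forget it instead of polling forever
            return None
        return entry

    def complete_login(
        self,
        nonce: str,
        check_status: Callable[[str], Optional[Tuple[str, str]]],
    ) -> Optional[Tuple[str, str]]:
        """Ask the NS (via check_status, a stand-in for the real API call) whether
        the mobile app has authenticated for this nonce.

        Returns (username, account_id) exactly once; afterwards the nonce is
        marked consumed so the same answer cannot be bound to a second backend
        session. Unknown, expired and already-consumed nonces yield None.
        """
        entry = self._get_live(nonce)
        if entry is None or entry.consumed:
            return None
        result = check_status(nonce)
        if result is None:
            return None  # still waiting for the app
        entry.consumed = True
        return result


def fake_ns_status(authenticated: Dict[str, Tuple[str, str]]):
    """Constructed stand-in for the NS session-status call, keyed by nonce."""
    return lambda nonce: authenticated.get(nonce)


if __name__ == "__main__":
    tracker = LoginTracker(ttl_seconds=60)
    nonce = tracker.start_login()
    print("still pending:", tracker.complete_login(nonce, fake_ns_status({})))
    print("first poll:", tracker.complete_login(
        nonce, fake_ns_status({nonce: ("alice", "acct-1")})))
    print("second poll:", tracker.complete_login(
        nonce, fake_ns_status({nonce: ("alice", "acct-1")})))
```

In a real integration check_status would be the API call that takes the nonce and returns the logged-in user and account; the tracker's job is only to make sure the nonce is unpredictable, short-lived and used once before the result is bound to the web session.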

Users

A User maps the accounts (public keys) used to authenticate to a unique username in your backend system. The username can be any string and is chosen by the user of the API. A user can have multiple accounts (app instances, devices) linked, so a person can log in from several of their devices, e.g., a smartphone and a tablet.

Optionally, you can also define attributes for users, e.g., first name, last name, email, group membership. This way, your business applications can also learn specific attributes of the user who is currently logged in.

Accounts

An Account is an account inside a mobile app for a specific user at a specific server. Each account has its own private/public keypair; keys are not shared even between accounts of the same user. A single app may hold multiple accounts, corresponding to different users, potentially on different servers. Conversely, on the server side, multiple accounts may correspond to the same mobile device.