• Login should take an email and password combination
  • Validate effectively, with suitable password pattern
  • Make a request to the Provider for server side validation and persistent token exchange

Authentication should include the following

  • CSRF headers in authentication requests to prevent forgery
    • http://en.wikipedia.org/wiki/Cross-site_request_forgery
  • Auth state persistence through signed cookies
  • Global (singleton) session model in the client whose state changes can be listened to
  • Client-side + Server-side model validations
  • Salt/hashing of passwords for back-end storage
  • Communication on this form should happen with https.

Resources Useful websites and tutorials


Task Date
Add the ability to log in via other openIDs such as google or github.
Use the bootstrap button JS to stop the button being submitted again
Sort out TabIndex
Sort out Accessibility
Sort out Schema.org