I made a post a while back about my attempt to make authentication with axum and axum_login. I kind of revamped my approach, and I wanted feedback about it, because I changed a few things as well as added a clearer authentication paradigm. I know I should probably use the secrecy crate to make sure passwords can't be easily picked up, but other than that.
The client will make one request, which will take the username and password (I don't know if it has to be encrypted during transmission, but I'm thinking no), and then it's given a JWK. Then, if it wants to go to another page, it will make a request to authenticate, which will take the JWK and the next location. Although the next location might not need to be handled by authenticate, as axum_login seems to set up a session, I also want to know: is there any added value in re-asking authenticate every time the user wants to go somewhere? I want a permission system, which was one of my rationales behind it, but I don't know if I made it overly complex.
(Also, I know I haven't made a db backend for the users yet; working on it.)
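The two-step flow the post describes (credentials sent once, then a server-side session consulted on every later request, with permissions checked per request) sketched as an added, dependency-free Rust example. This is not the poster's code and not axum_login's API: the permission names, the user and session stores, the counter-based session id, and the stand-in hash are all assumptions made to keep the example runnable with the standard library only; a real axum_login deployment would let the session layer generate random session ids and would hash passwords with a password-hashing crate such as argon2.

```rust
use std::collections::{HashMap, HashSet};

/// Hypothetical permission set (example names, not from the original post).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Permission {
    ViewDashboard,
    ManageUsers,
}

pub struct User {
    pub id: u32,
    pub salt: u64,
    /// stand_in_hash(salt, password). Real code: argon2/bcrypt output, never this.
    pub password_hash: u64,
    pub permissions: HashSet<Permission>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    BadCredentials,
    NoSession,
    Forbidden,
}

/// Placeholder so the example has no dependencies. FNV-1a is NOT a password
/// hash (it is fast and unsalted by design); a real app uses argon2 or similar.
fn stand_in_hash(salt: u64, password: &str) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in salt.to_le_bytes().iter().chain(password.as_bytes()) {
        h ^= *b as u64;
        h = h.wrapping_mul(0x0100_0000_01b3);
    }
    h
}

/// Constant-time comparison so a mismatch does not leak which byte differed.
fn ct_eq(a: u64, b: u64) -> bool {
    let mut diff = 0u8;
    for (x, y) in a.to_le_bytes().iter().zip(b.to_le_bytes().iter()) {
        diff |= x ^ y;
    }
    diff == 0
}

/// In-memory stand-in for the user backend plus the session store.
pub struct AuthService {
    users: HashMap<String, User>,
    sessions: HashMap<u64, u32>, // session id -> user id
    next_session: u64,
}

impl AuthService {
    pub fn new() -> Self {
        AuthService { users: HashMap::new(), sessions: HashMap::new(), next_session: 1 }
    }

    pub fn add_user(&mut self, name: &str, password: &str, perms: &[Permission]) {
        let id = self.users.len() as u32 + 1;
        let salt = 0x5eed_0000 + id as u64; // constructed salt; real code uses random bytes
        self.users.insert(
            name.to_string(),
            User {
                id,
                salt,
                password_hash: stand_in_hash(salt, password),
                permissions: perms.iter().copied().collect(),
            },
        );
    }

    /// Step 1: credentials are presented once. On success a server-side
    /// session is created and only its id goes back to the client.
    pub fn login(&mut self, name: &str, password: &str) -> Result<u64, AuthError> {
        // Hash even for an unknown user so timing does not reveal valid usernames.
        let (ok, user_id) = match self.users.get(name) {
            Some(u) => (ct_eq(stand_in_hash(u.salt, password), u.password_hash), u.id),
            None => (ct_eq(stand_in_hash(0, password), 1), 0),
        };
        if !ok {
            return Err(AuthError::BadCredentials);
        }
        // Counter-based id for the example only; a session layer uses random ids.
        let sid = self.next_session;
        self.next_session += 1;
        self.sessions.insert(sid, user_id);
        Ok(sid)
    }

    /// Step 2: later requests carry only the session id. No password is
    /// re-sent; authorization is a lookup of the session's user and its
    /// permission set, which is where the per-request "permission system" lives.
    pub fn authorize(&self, session: u64, needed: Permission) -> Result<u32, AuthError> {
        let user_id = *self.sessions.get(&session).ok_or(AuthError::NoSession)?;
        let user = self.users.values().find(|u| u.id == user_id).ok_or(AuthError::NoSession)?;
        if user.permissions.contains(&needed) { Ok(user.id) } else { Err(AuthError::Forbidden) }
    }

    /// Server-side revocation: dropping the session invalidates it immediately.
    pub fn logout(&mut self, session: u64) {
        self.sessions.remove(&session);
    }
}

fn main() {
    let mut svc = AuthService::new();
    svc.add_user("alice", "correct horse", &[Permission::ViewDashboard]);
    let sid = svc.login("alice", "correct horse").expect("login");
    println!("dashboard: {:?}", svc.authorize(sid, Permission::ViewDashboard));
    println!("manage users: {:?}", svc.authorize(sid, Permission::ManageUsers));
}
```

The split answers the question in the post: once the session exists, re-calling the login step adds nothing, because the client would have to keep re-sending the password; what every request still needs is the cheap authorize lookup, which also makes logout a server-side removal rather than something the client has to honour.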