Mfund documentation
  • Introduction
  • Setup Guidelines
    • Mfund Flutter App
    • Mfund Backend
  • Technology Used
  • Architecture
  • Database Structure
  • App Flow
    • Dashboard App Flow
    • User App Flow
  • Backend Flow
  • API Documentation
    • Dashboard APIs
    • App APIs
  • Screens
    • App Screens
      • Login Screen
      • Signup Screen
      • KYC Screen
      • Home Screen
      • Investment Screen
      • Profile Screen
      • Withdraw Screen
    • Dashboard Screens
      • Login Screen
      • Home Screen
      • Investment Plan Screen
      • Investors Screen
      • Balances Screen
      • Transaction Details Screen
      • Settings Screen
      • App Bar
Powered by GitBook
On this page

Was this helpful?

Backend Flow

PreviousUser App FlowNextAPI Documentation

Last updated 4 years ago

Was this helpful?

In the backend, authentication is handled via Firebase. App provide firebase JWT token via api and then server verifies that token using firebase admin SDK. Upon successful verification, server create new JWT tokens and send those tokens as a response. App uses these tokens for further request.

Backend uses for JWT verification. Once JWT is successfully verified then the requested data is either fetched or added in PostgreSQL database using

When the access token is expired then server create new access token after verifying the refresh token attached in header of the request. If refresh token provided in header is expired then the firebase user's refresh token in revoked and token expired message is send back to the app, after which app delete shared preference and redirect the user to login page.

Similarly, in case of logout, firebase refresh token is revoked and shared preferences is deleted from the app.

passport.js
sequelize.js