Registration & sign-in summary
Last updated
Last updated
Two registration paths are available for Patchworks - whichever you choose determines how users access the platform:
Simple
Basic Auth
Username and password
User accesses the Sign in to Patchworks page. Here, they enter the email address associated with their account, and a password.
OAuth 2.0
Google sign-in
User accesses the Sign in to Patchworks page. Here they select the Sign in with Google option for redirection to the Google sign-in page.
Users . Thereafter, these credentials are used to sign into Patchworks:
Google Sign-In is implemented using the OAuth (Open Authorisation) protocol.
OAuth enables users to log into an application/website (the Client/Consumer - in this case, Patchworks) using account information from another application/website (the Service Provider - in this case, Google) without ever sharing the user’s password. This is known as Secure Delegated Access.
To achieve this, OAuth uses a system of access tokens. An access token authorises temporary access to specific account information - Patchworks requests and stores the following details from Google:
UserID
Name
Email address
Avatar URL
The Google sign-in flow for a user is summarised below:
The user selects Sign in with Google.
Patchworks redirects the user to the Google Sign-In page. Here, the user is informed what information they will share with Patchworks by signing in to Google.
The user enters their Google account credentials. If sign-in is successful: - The Google Authorisation Server issues an access token to Patchworks. - Patchworks requests required data from Google, presenting the access token for authentication. - Google returns the requested resources (provided that the access token is valid).
The user is returned to Patchworks and is logged into the dashboard.
Passwords can never be viewed or accessed by users, irrespective of their role.
Any logged-in user can change their password by selecting the Change password option associated with their avatar (in the top right-hand corner of the dashboard).
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
Users can reset their password via a Forgot your password link - this link is always available at the bottom of the Sign in to Patchworks page:
Selecting this option displays a Reset Password page, where the user can enter their email address and trigger a password reset email:
The password reset email includes a link for the user to follow and reset their password.
Password reset links are valid for 24 hours. After this, another password reset must be triggered so a new link is emailed.
However, if a password reset is triggered for a Google sign-In user, they still receive a password reset email, which can be used to set a Patchworks password.
A minimum length of 8 characters
At least 1 lowercase letter (a - z)
At least 1 uppercase letter (A - Z)
At least 1 number (0 - 9)
At least 1 special character (!, $, #, or %)
Patchworks passwords do not expire.
Patchworks passwords are stored in an encrypted AWS database.
However, OAuth2 is also used for clients who wish to access Patchworks services via a Patchworks API endpoint. In this scenario, Patchworks provides an access token to clients, which is used to authenticate API requests.
For further information, please see the help page.
Users . Thereafter, signing into Patchworks is via Google:
For further information, please see the help page.
The user accesses the .
Within Patchworks, user accounts are associated with a role. This role determines the level of access that users have within the Patchworks dashboard (subject to the active ). For more information please see the page.
Passwords can never be viewed or accessed by users, irrespective of their role. For further information please see the section.
For further information please see: .
Users associated with the client admin role can trigger a password reset for any users in their company profile, via the Patchworks dashboard. For more information please see our page.
If a user registers their Patchworks account with , they won’t be aware of a ‘Patchworks password’ because they always sign in with Google credentials.
This does not affect the person’s Google sign-in, it just means they can choose to log in via Google or enter their email address and Patchworks password ().
When setting a password for , the following rules apply:
Users who sign in via Patchworks can choose to any time, from the Patchworks sign-in page.
Alternatively, users with a Client Admin role can .
We have already noted that is used to authorise access to Patchworks via . In this scenario, Patchworks requests an access token from Google; once a token is received, it is used to request the required user information for the sign-in process.
For further information please see our .
