# Authentication

Kamek uses Google's OAuth 2.0 (opens new window) for authentication and ACL (opens new window) service for authorization. It uses OAuth's features through vue-google-oauth2 (opens new window) library, which handles Google sign-in and sign-out for Vue.js applications. User permissions are managed on ACL's platform (opens new window), as explained here (opens new window).

Bellow is the flow for the login process:

sequenceDiagram
    participant K as Kamek
    participant O as Google OAuth 2.0
    participant T as Toad
    participant A as ACL
    K->>+O: Get authorization code
    O->>O: User login
    O-->>-K: Authorization code
    K->>+T: Login with authorization code
    T->>+A: Login with authorization code
    A-->>-T: User email, authorization token, refresh token and permissions
    T-->>-K: User email, authorization token, refresh token and permissions

← Authentication How to use →