All Questions
Tagged with rest authentication
55
questions
0
votes
0
answers
233
views
How can I secure the backend in a meaningful way when users log in via OAuth2 in the frontend?
I'm thinking about a rewrite of a existing application. This legacy application does not separate frontend and backend. It's a single application with server side rendering.
I want to rewrite it to a ...
3
votes
2
answers
2k
views
Oauth 2.0 - MFA for REST APIs
We are looking at implementing Multi-factor authentication for our application, using Time-based one-time password (TOTP) algorithm.
What we want to achieve:
Users should have the option to enable ...
0
votes
1
answer
2k
views
How to share users between multiple web application?
Objective
I have to create way to use the same users to connect to multiple application, and i am thinking about how to do it and how to share the data between the applications.
Details
Each ...
1
vote
1
answer
3k
views
Implementing SSO on a REST API
I have a REST API server with its own authentication methods. I need to provide to some third party apps an authentication solution which should be processed on my server, I don't want them to handle ...
2
votes
2
answers
153
views
Authenticate users (REST-API)
What I'm trying to build
REST-API using Express and SQLite
5 to 10 authors should be able to post articles to /articles
except them, no one is allowed to post anything
My approach to build it
...
1
vote
1
answer
74
views
Authentication-as-a-Service (Auth0) and retrieving user profiles for many different users
For my recent project I decided to leverage Authentication-as-a-Service, in particular I am using Auth0 but I do not think this particularly matters. I've got my React client set up correctly and I am ...
4
votes
2
answers
4k
views
Should I return user data in an authentication endpoint using JWT?
I implement an auth endpoint which takes an email and password and returns a JWT token.
Inside the JWT there is a payload containing the user ID.
Does it matter from a REST/JWT standards perspective ...
5
votes
3
answers
2k
views
When to derive user ID from authentication token vs. validate against?
I am using JSON web tokens, but this authentication token can be any token from which a unique user can be derived.
I am designing a REST API that allows CRUD operations on resources owned by specific ...
1
vote
0
answers
167
views
Best Way To Store Password & JWT on Mobile
I have a Flutter and Angular application that previously used Firebase, but for various reasons I'm working on switching it over to my own RESTful API with ExpressJS. One topic I'm a little confused ...
-4
votes
1
answer
44
views
How would I authenticating a Software Plugin with Username/Password using REST?
I'm developing my first Python plugin for a 3D application.
What I'm looking to do
I would like users who've purchased a subscription to the plugin from my Wordpress/WooCommerce web site to log in ...
4
votes
2
answers
2k
views
How to combine session-based authentication and stateless REST API
What is the proper way of combining session-based authentication with stateless, token-based authentication for a REST API?
Use case:
User logs-in in the standard, traditional, session-based way. ...
0
votes
1
answer
132
views
Designing Rest API endpoint for viewing bearer access token
We have several endpoints which were authenticated using a bearer access-token. There was another endpoint which will renew/generate a new bearer access-token on passing valid secret_id and client_id. ...
7
votes
3
answers
4k
views
Authentication setup advice for web app and its backend API
I am fairly new to web development, and I am learning to build web applications. I am facing a problem figuring out how to set up authentication mechanisms for a multi-user application. Let me provide ...
3
votes
1
answer
984
views
How to handle API token(s) that expires after time
I'm currently building a facade that's supposed to be in front of a system we are currently using. This system has its own API, but we have decided to simplfy things, and therefore the facade.
...
3
votes
1
answer
2k
views
REST API Authentication: Cookie vs Web Storage
Note: This question might sound like a duplicate, but all other similar questions did not take into account (mobile apps, iot's, web, 3rd party usage). Specifically, in dealing with the clients ...