Securing RESTful services with OAuth - rest

I'm new to RESTful services. I wrote a RESTful web service (Jersey),
but I am not able to implement security on those services.
Please share with me how to provide security with OAuth (tutorial URLs or steps to follow).
Thanks in advance.

Related

How can I use a JWT properly, to grant access to restricted REST API calls?

I hope I'm not duplicating any question, and also not asking something too basic.
I'm building a web app in ReactJS, just to get familiar with the framework. I planned to grant access to users using a Facebook login, which I already have working with react-facebook-login. I also have a Spring Boot REST API to serve the front-end. But I want to allow access to part of my API only to authenticated users, using the Facebook access token. So in my back-end, I had to downgrade org.springframework.boot from 2.0.4.RELEASE to 1.5.10.RELEASE so I can use the Facebook Graph API. Do you guys think this is OK? Or should I use a different approach?
And to be honest I'm a little confused about how to achieve a correct validation of the user's request on the restricted areas of my REST API using the access token sent from the front-end. Do you guys have any suggestions on this matter?
Thank you all for your help.

How to add authentication to REST API

I am currently learning REST APIs, but I still don't quite understand how to authenticate clients when they make calls to the API.
How do developers usually do this?
Please refer me to a good tutorial.
You can use the OAuth 2 protocol for authentication.
There are a lot of tutorials about how to implement it.
Link to the OAuth website:
OAuth

How to use JWT and OAuth together

I'm trying to build an application based on a RESTful API and I'd like to provide a method for authentication with both JWT and OAuth (JWT for user access and OAuth for app access).
In short I'd like to do:
User Access (Web App, Mobile App - JWT)
------------------------> /
-----------------------> /api/login
-----------------------> /api/logout
Client's app (API KEY - OAuth)
------------------------> /services/getInfo
                          /services/getProducts
A user can use the web application and might wish to integrate some functionality of their app with my services, like Facebook, GitHub and so on.
I'm not sure about this approach because it's the first time I've designed a big application.
The questions are as follows:
Should I also use JWT for authentication by app?
Using JWT, can I trace how many requests the apps make?
Can I revoke a JWT token?
Is the OAuth protocol better than JWT for authentication by app?
OAuth 2.0 is an authorization protocol and it shouldn't be used for authentication. Consider using OpenID Connect for your scenario. It works on top of OAuth, so the flow would be identical with some improvisations for authentication.
In this case, you can register your application to use the same protocol both for end users and for calls within your applications.
Please explore the client credentials flow for app access and the implicit/hybrid flow for the web app.
OpenID Connect uses JWT tokens for authentication and authorization.
IdentityServer3 is a certified implementation of OpenID Connect. Their documentation is good and they have an active support forum to help you with queries.
Please refer to:
https://www.safaribooksonline.com/library/view/identity-and-data/9781491937006/ch04.html
https://leastprivilege.com/2016/01/17/which-openid-connectoauth-2-o-flow-is-the-right-one/
https://github.com/IdentityServer/IdentityServer3
https://github.com/IdentityServer/IdentityServer3.Samples
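The question above asks whether a JWT can be revoked, whether per-app request counts can be traced, and how user tokens and app API keys can coexist on one API. The following is an added example written for this page, not code from the question, the answer, or IdentityServer. It uses a self-issued HS256 JWT with a shared secret so that it runs offline (an OpenID Connect provider would normally issue RS256 tokens that you verify against its published keys, but the checks are the same); the `X-API-Key` header name, the in-memory revocation denylist, the request counter, and all secrets and key values are constructed for the demo.

```python
"""Dual-path API authentication: HS256 JWT for end users, API keys for client apps.
Added example for this page; every secret and identifier below is constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from collections import Counter

# Constructed demo secrets; a real deployment loads these from configuration, not source.
JWT_SECRET = b"constructed-demo-secret-do-not-reuse"
# API keys are stored hashed, keyed to the app they identify (constructed values).
API_KEY_HASHES = {hashlib.sha256(b"ak_live_constructed_demo_key").hexdigest(): "partner-app-42"}

REVOKED_JTIS = set()       # server-side denylist of revoked token ids (assumed in-memory here)
REQUEST_COUNTS = Counter() # per-principal request counter, answering "can I trace requests?"


class AuthError(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(subject: str, ttl_seconds: int = 900, now=None) -> str:
    """Mint an HS256 JWT with iat/exp and a random jti so it can be revoked later."""
    now = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": now, "exp": now + ttl_seconds, "jti": secrets.token_hex(8)}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(JWT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, now=None) -> dict:
    """Check structure, algorithm, signature, expiry and revocation before trusting any claim."""
    now = now if now is not None else time.time()
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side: the token must never choose it (blocks alg=none).
    if header.get("alg") != "HS256":
        raise AuthError("unexpected alg")
    expected = hmac.new(JWT_SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise AuthError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("exp", 0) <= now:
        raise AuthError("token expired")
    if claims.get("jti") in REVOKED_JTIS:
        raise AuthError("token revoked")
    return claims


def revoke_jwt(token: str) -> None:
    """A signature cannot be recalled, so revocation is a denylist keyed on the jti claim."""
    claims = json.loads(b64url_decode(token.split(".")[1]))
    REVOKED_JTIS.add(claims["jti"])


def lookup_api_key(presented: str):
    """Constant-time comparison of the presented key's hash against every stored hash."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    for stored, app_id in API_KEY_HASHES.items():
        if hmac.compare_digest(stored, digest):
            return app_id
    return None


def authenticate_request(headers: dict, now=None) -> dict:
    """Return the caller's principal ({kind, id}) for a request, or raise AuthError."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        claims = verify_jwt(auth[len("Bearer "):], now=now)
        principal = {"kind": "user", "id": claims["sub"]}
    elif "X-API-Key" in headers:
        app_id = lookup_api_key(headers["X-API-Key"])
        if app_id is None:
            raise AuthError("unknown api key")
        principal = {"kind": "app", "id": app_id}
    else:
        raise AuthError("no credentials")
    REQUEST_COUNTS[principal["id"]] += 1  # tracing works for JWT users and API-key apps alike
    return principal
```

The two points a practitioner should take from this: a JWT is only revocable if the server keeps state (the `jti` denylist) and checks it on every request, and request tracing does not depend on the credential type at all, since it is keyed on the principal the credential resolves to. Keep the algorithm pinned on the verifier side; never read it from the token.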

ASP.NET Web API with Facebook auth without OWIN

I'm developing an ASP.NET Web API. The authentication used in this API does not use OWIN, and I need to write a method that authenticates a user by using their Facebook account.
I only find examples of how to do this using OWIN and OAuth. Is there another way to do this?
Can someone post a link or an explanation for this case?
Thanks in advance!
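Both this question and the earlier Spring Boot one above come down to the same server-side check: a Facebook access token handed over by the browser must be verified with Facebook, for your own app id, before the back-end trusts the user it names. The following is an added example for this page, not code from either question; it is written in Python so the logic reads the same whatever web framework (ASP.NET, Spring Boot, Jersey) you port it to. It assumes Facebook's documented `debug_token` Graph API endpoint and its `data.app_id` / `data.is_valid` / `data.expires_at` / `data.user_id` response fields; the app id, app secret and the sample response are constructed so the example runs offline through an injectable `fetch` function.

```python
"""Server-side validation of a Facebook user access token before trusting it.
Added example for this page; APP_ID, APP_SECRET and the sample response are constructed."""
import json
import time
import urllib.parse
import urllib.request

APP_ID = "123456789012345"            # constructed; your Facebook app id
APP_SECRET = "constructed-app-secret"  # constructed; never ship this to the browser
GRAPH_BASE = "https://graph.facebook.com"


class TokenValidationError(Exception):
    pass


def default_fetch(url: str) -> dict:
    """Real HTTPS call to the Graph API; tests replace it with an offline fake."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def validate_facebook_token(user_token: str, fetch=default_fetch, now=None) -> str:
    """Ask Facebook whether the token is valid for *our* app; return the Facebook user id.

    The call is authenticated with the app access token ("APP_ID|APP_SECRET"), so only
    the server can perform it. The client-supplied token is never trusted on its own.
    """
    now = now if now is not None else time.time()
    params = urllib.parse.urlencode({"input_token": user_token,
                                     "access_token": f"{APP_ID}|{APP_SECRET}"})
    data = fetch(f"{GRAPH_BASE}/debug_token?{params}").get("data", {})
    if not data.get("is_valid"):
        raise TokenValidationError("token not valid")
    # A valid token issued to some *other* app must not log a user into ours.
    if data.get("app_id") != APP_ID:
        raise TokenValidationError("token issued for a different app")
    # expires_at of 0 means a non-expiring token; otherwise it must still be in the future.
    if data.get("expires_at") and data["expires_at"] <= now:
        raise TokenValidationError("token expired")
    user_id = data.get("user_id")
    if not user_id:
        raise TokenValidationError("no user id in token")
    return user_id


def make_fake_fetch(response: dict):
    """Return a fetch() that serves a constructed debug_token response and records the URL."""
    def fetch(url):
        fetch.last_url = url
        return response
    fetch.last_url = None
    return fetch


# Constructed sample of what debug_token returns for a token that belongs to our app.
CONSTRUCTED_OK = {"data": {"app_id": APP_ID, "is_valid": True, "expires_at": 2_000_000_000,
                           "user_id": "10203040506070809", "scopes": ["public_profile", "email"]}}
```

Once `validate_facebook_token` returns a user id, exchange it for your own session or token rather than re-validating the Facebook token on every request; the Graph API round trip belongs at login, not on the hot path. Note the `app_id` check: a token that is valid for a different Facebook app is still `is_valid`, so checking only that flag lets any app's token sign in to yours.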

OpenAm: SSO implementation using RESTful API

I am a bit confused about implementing SSO with a RESTful API. So far, I have used the RESTful API to authenticate and get a token ID.
How should SSO be implemented? To get a token validated, it must be saved somewhere, as a cookie or something. Is there any way to do this?
If you want to do SSO yourself, you have to mimic OpenAM's SSO session-tracking mechanism, which uses cookies.