All geek questions in one place

OpenID and RestFul APIs

There is a Restful Authenticated API on my website. When a user logs in to the website, he performs basic HTTP authentication (username and password) and the access token generated in the API is returned.

But lately I have implemented a password input (yes, steam can act as an OpenID provider). Everything is fine, but how can I authenticate the user in the API if the password is not sent.

+6
source share
2 answers

So basically you want to make sure the user is authenticated. Here, Steam provides your server with a key (OpenID server), and your server has provided a key to the OpenID server. This is very similar to the tokens used for Anti-Forgery attacks. Steam provides your server with user identification, and your server marks the location of the Steam server. Then the user is allowed to view the contents of your server. Steam will probably use the API, so if the credentials are cached in the browser, it will not request them in the future.

Note. HTTP has no statelessness, so you need to use sessions to make sure you are still logged in.

+3
source

/ , OpenId (Steam, ). OpenId.

OpenId :

OpenID - , , , , Google, Twitter, Facebook, Steam - OpenID. (OpenID Relying Party) OpenID (Google, .) OpenID .

OpenID , , , , OpenID. " " .

OpenId:

Openid flow

, OpenId (Steam) , URL-. :

  • , , , . , .
  • API, .
  • API , ( , RESTful API).

API RESTful API, , . , .

+2

Source: https://habr.com/ru/post/1016965/

More articles:


All Articles