Tokens, local storage and meteor

We are launching a web application (a brilliant server where encoding is performed in R) and want to add an authentication layer to it. Instead of creating something for this in R, I was thinking about using Meteor to create auth tokens and all that. So I thought of this:

  • The user logs in with Meteor, and Meteor creates an entry in the database that looks something like this:
    {"createdAt": 1372521823708,
     "_id": "HSdbPBuYy5wW6FBPL",
     "services": {
       "password": {"srp": {
         "identity": "vKpxEzXboBaQsWYyJ",
         "salt": "KRt5HrziG6RDnWN8o",
         "Verifier": "8d4b6a5edd21ce710bd08c6affb6fec29a664fbf1f42823d5cb8cbd272cb9b2b3d5faa681948bc955353890f645b940ecdcc9376e88bc3dae77042d14901b5d22abd00d37a2022c32d925bbf839f65e4eb3a006354b918d5c8eadd2216cc2dbe0ce12e0ad90a383636a1327a91db72cf96cd4e672f68544eaea9591f6ed102e1"}},
       "resume": {"loginTokens": [
         {"token": "t9Dxkp4ANsYKuAQav",
          "when": 1372521823708}]}},
     "emails": [
       {"address": "example@example.com",
        "verified": false}]}
  • The user is redirected to the "old application". Here we check the local storage (there must be the same local storage as the meteor, if we use the same external node and port, right?) and find this information:
    Meteor.loginToken: t9Dxkp4ANsYKuAQav
    Meteor.userId: HSdbPBuYy5wW6FBPL
  • The local storage data is examined by a "different application", which performs a simple database query on the meteor db to make sure that the local storage information matches what is in the database. Perhaps also check the expiration date. If it matches, the application is displayed; otherwise it is not.

Is this a decently secure way to do this? Will it work to share local storage between applications?

+6
1 answer

Of course, you need to make sure your WebSockets are running over TLS. LocalStorage uses a simple same-origin policy. So yes, it will work. LocalStorage is as secure as a cookie, so this is fine.

TL;DR:

Yes and yes

0
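
The check described in the question's last step, as an added example that is not part of the original question or answer. It assumes the user document has the shape shown in the question; `validateLoginToken`, `constantTimeEqual` and the 90-day `MAX_TOKEN_AGE_MS` limit are hypothetical names and values chosen for illustration.

```javascript
// Added example: validate a (userId, loginToken) pair read from localStorage
// against a user document shaped like the one in the question.

// Assumption: maximum token age. The question only says "perhaps check expiration".
const MAX_TOKEN_AGE_MS = 90 * 24 * 60 * 60 * 1000;

// Compare without returning early on the first mismatch, so response timing
// does not reveal how many leading characters of a guessed token were right.
// (On a Node server, crypto.timingSafeEqual over Buffers does the same job.)
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// userDoc: the document looked up by _id, or null when none was found.
function validateLoginToken(userDoc, userId, token, now) {
  // Client-supplied values must be plain strings: an object such as
  // {"$ne": null} forwarded into a MongoDB query would match any stored token.
  if (typeof userId !== 'string' || typeof token !== 'string') {
    return { ok: false, reason: 'malformed' };
  }
  if (!userDoc || userDoc._id !== userId) return { ok: false, reason: 'unknown-user' };
  const resume = (userDoc.services && userDoc.services.resume) || {};
  const tokens = Array.isArray(resume.loginTokens) ? resume.loginTokens : [];
  let match = null;
  for (const t of tokens) {
    if (typeof t.token === 'string' && constantTimeEqual(t.token, token)) match = t;
  }
  if (!match) return { ok: false, reason: 'no-such-token' };
  // "when" is the token's creation time in milliseconds since the epoch.
  if (now - match.when > MAX_TOKEN_AGE_MS) return { ok: false, reason: 'expired' };
  return { ok: true, reason: 'valid' };
}

// Constructed sample, trimmed from the document in the question.
const sampleUser = {
  _id: 'HSdbPBuYy5wW6FBPL',
  services: { resume: { loginTokens: [{ token: 't9Dxkp4ANsYKuAQav', when: 1372521823708 }] } },
};
```

The second application would run this on its server for every request, not only once in the browser, since anything the page reads from localStorage is client-controlled input.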

Source: https://habr.com/ru/post/948389/

