authorization - Which form of Authentication should I use? -
i'm writing web api users access info on site. however, i'm not sure type of authentication should utilize such task.
here intentions:
one of users develops app needs info on business relationship server. sends me key , verify he's valid user.
there shouldn't 'middle-man' apps doing on user's behalf. owner of account. currently, i'm using scheme hash guid , user sends string me. decrypt it, , check database key.
i'm not sure method called, seems work. have improve solution utilize (probably) improve uses web standards?
this question screams: oauth.
http://oauth.net/2/
more details:
oauth authentication protocol allows approve 1 application interacting on behalf without giving away password.
taken from: http://blog.varonis.com/introduction-to-oauth/
authentication authorization
No comments:
Post a Comment