What techniques can be used to authenticate in REST applications?

Viewed 258 times

I'm developing a RESTful application in PHP. I need to build an authentication mechanism for that system so that client applications can consume its data.

What techniques can be used to authenticate RESTful systems?

  • Basic Authentication is a good start.

  • I usually do it as follows: I make the frontend (basically HTML, CSS and JavaScript) fully available, and in every service of the REST API that needs authentication I implement the Basic Authentication check. If the authentication is not valid, or if the given user does not have permission to access that service, the server returns status 401. On the client, whenever a 401 error occurs the user is redirected to the login page. I don't know if it is the best way. I would like to know how colleagues do it.

  • I have already used this method; however, I am using the HTTP protocol, and Basic Authentication is not safe over this protocol.

  • Then use HTTPS. Any form of authentication will be vulnerable over HTTP.

1 answer

I recommend that you use OAuth 2.0 to give users access through tokens and ensure greater security for your users, because they will not always need to provide the username and password as happens in Basic Authentication. It makes your life easier when creating mobile apps, as well as being the standard used by major brands such as Google, Facebook and PayPal.

In addition to these two methods (OAuth2 and Basic Authentication), you can check out the Digest method, which in my opinion, in terms of security, sits between Basic (which, as its name says, is basic) and OAuth2.

I also recommend using a security layer through SSL regardless of your choice.

Official website of OAuth2 with implementation examples: link
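As an added example (not code from the question or the answer), here is how the scheme described in the comments, a Basic Authentication check that returns 401 on failure, can be written in PHP together with the HTTPS requirement from the answer; the sample user store, the credentials and the function names are constructed for this demonstration.

```php
<?php
// Added example (not code from the question or the answer): checking HTTP Basic
// Authentication on a protected REST endpoint and answering 401 when it fails.
// Assumes passwords are stored as password_hash() digests and that the API is
// only served over HTTPS, as the answer recommends.
declare(strict_types=1);

// Constructed sample user store (username => password_hash() digest).
function sampleUsers(): array {
    return ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
}

// Parse "Basic <base64(user:password)>" into [user, password], or null if malformed.
function parseBasicHeader(?string $header): ?array {
    if ($header === null || !preg_match('~^Basic\s+([A-Za-z0-9+/=]+)$~', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);   // strict mode rejects junk characters
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);       // RFC 7617: split on the first ':' only
}

// True only when the user exists and the password matches its stored hash.
function authenticate(?string $header, array $users): bool {
    $creds = parseBasicHeader($header);
    if ($creds === null || !isset($users[$creds[0]])) {
        return false;
    }
    return password_verify($creds[1], $users[$creds[0]]);   // constant-time compare
}

// Protected endpoint: refuse plain HTTP first, then check the credentials.
function handleRequest(array $server, array $users): array {
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return [403, 'HTTPS required'];   // Basic credentials are only base64, not encrypted
    }
    if (!authenticate($server['HTTP_AUTHORIZATION'] ?? null, $users)) {
        // 401 with WWW-Authenticate is the signal the client uses to show its login page.
        return [401, 'WWW-Authenticate: Basic realm="api"'];
    }
    return [200, 'ok'];
}

$users = sampleUsers();
$ok  = 'Basic ' . base64_encode('alice:correct horse battery staple');
$bad = 'Basic ' . base64_encode('alice:wrong');
var_dump(handleRequest(['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => $ok],  $users)[0]);
var_dump(handleRequest(['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => $bad], $users)[0]);
```

Under Apache with mod_php the decoded credentials are also available as $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'], while under CGI/FastCGI the Authorization header is often not forwarded to PHP unless the server is configured to pass it.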
