
I'm integrating FOSOAuthServerBundle to handle login from an angular front-end.

I have made a client with grant-type password. So my request looks like: /oauth/v2/token?client_id=[CLIENTID]&client_secret=[CLIENTSECRET]&grant_type=password&username=[USERNAME]&password=[PASSWORD]

I think it's pretty safe because the client only has grant-type password. The only part that isn't safe is the user credentials (username and password). They are sent plain to the backend and I want them encrypted.

How can I handle the hashed credentials in the FOSOAuthServerBundle?

jsprds
  • The user will always send credentials in plain text unless you use TLS/SSL etc. But why don't you use a POST request? It is less visible to the user. – JohnnyJS Dec 06 '14 at 13:34
  • @JonnieJS, SSL is probably the best solution. But it would be nice if the credentials were sent with an extra security layer like a SHA hash. – jsprds Dec 09 '14 at 13:30
  • It is not possible. Say you encrypt her password; the whole idea behind encryption algorithms is that it can't be decrypted, so your server will have nothing to do with this. You must at least once send it in plain text. You may use JS to encode it to base64 as desired, but every hacker can read all JS code, so that is useless. – JohnnyJS Dec 09 '14 at 14:38
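The point made in the comments (credentials belong in a POST body over TLS, not in the query string of the token URL) as an added example; this is not code from the question or from FOSOAuthServerBundle. The `/oauth/v2/token` path and parameter names come from the question; the hostname and credential values are constructed placeholders.

```python
"""Resource-owner password grant request built the way the comments recommend.

Added example, not part of the original question. Only the /oauth/v2/token
path and the parameter names are taken from the question; the host and the
credential values below are constructed placeholders.
"""
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Parameters that must never appear in a URL: URLs end up in browser history,
# proxy and web-server access logs and Referer headers, even over TLS.
SENSITIVE = {"client_secret", "password"}


def build_token_request(token_url, client_id, client_secret, username, password):
    """Return a urllib Request for grant_type=password with the secrets in the body.

    Refuses a plain-http endpoint: without TLS the body is as readable on the
    wire as the query string was, which is what the comments warn about.
    """
    parts = urlsplit(token_url)
    if parts.scheme != "https":
        raise ValueError("token endpoint must use https, got %r" % parts.scheme)
    if parts.query:
        raise ValueError("token endpoint URL must not carry a query string")
    body = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }).encode("ascii")
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def leaked_params(url):
    """List the sensitive parameters a GET-style token URL like the one in the question exposes."""
    return sorted(k for k in parse_qs(urlsplit(url).query) if k in SENSITIVE)


if __name__ == "__main__":
    # Constructed stand-in for the question's GET request.
    bad = ("https://api.example.test/oauth/v2/token?client_id=web&client_secret=s3cret"
           "&grant_type=password&username=alice&password=hunter2")
    print("exposed in URL:", leaked_params(bad))
    req = build_token_request("https://api.example.test/oauth/v2/token",
                              "web", "s3cret", "alice", "hunter2")
    print(req.get_method(), req.full_url)
    print(req.data)
```

Sending the request is the same `urllib.request.urlopen(req)` call as for any POST; what changes is only where the secrets travel.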
