Stack Overflow
Stack Overflow

Questions tagged [restful-authentication]

Questions about authentication for RESTful services.

Services designed using REpresentational State Transfer architecture must often authenticate clients. How best to do this can be a complex topic, as in true REST each client request to the server will contain all the information necessary to complete it (including authentication).

Resources

1447 questions
6
votes
1 answer

Android + Firebase Auth + REST API: How to properly work with token?

I'm starting a new project and Firebase Auth was the choice for authentication. The idea is to create/login users through Firebase Auth and then, use the Firebase ID Token to authenticate on my backend (through Authentication header). In Google…
Guilherme Lima Pereira
  • 1,402
  • 5
  • 17
  • 35
6
votes
1 answer

In Restful web services how to get username or password programmatically (basic authentication)

I have restful web services in a Java EE application (ejb3) running on jboss. And do not know how to get username or password programmatically, like when service method is called I want to be able to get this user principals as smilar to jaxws …
javatar
  • 4,542
  • 14
  • 50
  • 67
6
votes
2 answers

cb is not a function in hapi-auth-jwt2 - Node.js

I'm following this tutorial to implement jwt authentication in hapijs v17.2. I did everything according to the tutorial, but the following error is driving me crazy, even debugging didn't make any change. error Debug: internal, implementation,…
Hooman L
  • 151
  • 2
  • 8
6
votes
4 answers

Is WIF a good option for securing WCF 4.0 Restful service with iPhone

I have a project which needs to expose WCF restful service to iphone/ipad Client. The WCF worked, now i need to secure it with username and password. For some reason i am a little reluctant to go with CustomBasicAuth Oauth is also not ideal in WCF…
D.J
  • 2,534
  • 4
  • 28
  • 43
6
votes
2 answers

Simple PHP REST server with secure user authentication and registered third party applications

I'm looking into writing an PHP REST API that would allow registered users interact with the web service from third party applications. What I need the API to be able to do is: provide support for secure user authentication allow registered users…
titel
  • 3,454
  • 9
  • 45
  • 54
6
votes
0 answers

Spring Security, OAuth and Pre-Authorization

Can anyone provide some information, hints or tutorials that demonstrate how to use Spring Security OAuth with Spring's PreAuthorize feature? Ideally, I would like to link a username used for preauthorization to OAuth credentials.
Ta Sas
  • 9,573
  • 15
  • 51
  • 73
6
votes
3 answers

App structure for roles-based RESTful resources

Is there a consensus best approach to implementing user roles when using RESTful resource routes? Say I have the following resources: User has_many Tickets Event has_many Tickets Ticket belongs_to Person, Event And then further say I have two…
Ed Haywood
  • 219
  • 1
  • 3
6
votes
2 answers

Laravel RESTful API authentication for mobile app

I would like to discuss what is the best way to secure your API's in order to be used from a mobile application. Since there is not third-party I guess OAuth is not a good choice? Would JWT be a good choice? The hard part for me to understand is how…
csdinos
  • 197
  • 2
  • 6
6
votes
2 answers

How to secure a RESTful API in Spring Boot without mantain a jsessionid

I need to create a SpringBoot RESTful API to be consumed either by a web project or a mobile app. My question is how to secure it without the typically basic authorization that returns you a "jsessionid" to the web browser and mantains the session…
Fernando Fradegrada
  • 973
  • 1
  • 9
  • 26
6
votes
0 answers

Does the 2-Legged OAuth 2.0 meets HIPAA compliance?

I'm about to start coding a new RESTful service with the CRUD methods and it needs to meet the HIPAA compliance, so I'm wondering if the 2-Legged OAuth 2.0 fits on that requirement. Is there any source I can look at, so I can confirm if yes or no? I…
vhugo
  • 543
  • 1
  • 5
  • 23
6
votes
1 answer

How to implement Spring Security on my Spring 4.0 RestFul web service?

I just developed a simple restful web service by using Spring 4.0 and Hibernate 4.0, so it is without beans.xml file. I would like to implement a Spring Security on the web service, since the roles will be performed on the HTTP functions GET, POST…
Kh.Taheri
  • 946
  • 1
  • 10
  • 25
6
votes
1 answer

Why isn't RSA signing usually used in RESTful apis?

I develop a simple app that doesn't use (at least, at first) any third-party authorization. I want to create a RESTful api to be used by iOS/Android/whatever clients, so I've read a bunch of information about implementation of RESTful APIs. However,…
Max Yankov
  • 12,551
  • 12
  • 67
  • 135
6
votes
1 answer

How to secure a Spring RESTful webservice for Angular.js or Ember.js

I have a Spring MVC application that uses Spring Security to handle user login authentication, which works fine. Now I want to add some Ember.js and Angular.js code to the HTML pages that accesses the Spring RESTful web services (which just return…
nzcoder
  • 109
  • 1
  • 2
  • 8
6
votes
2 answers

“Shared” authentication for website and RESTful API

Goal: My server needs to direct non-users to a landing/home page, and logged in users to the actual app. When the app is loaded, it will make authenticated HTTP requests to a RESTful API (via Ajax). I have a RESTful API that needs authentication. On…
user1082754
6
votes
2 answers

Restful Authentication: Allow logins from multiple computers?

Our Rails app is using Restful Authentication for user/session management and it seems that logging in to the same account from multiple computers kills the session on the other computers, thus killing the "Remember me" feature. So say I'm at home…
Shpigford
  • 24,748
  • 58
  • 163
  • 252
1 2 3
96 97