Questions tagged [authentication]

Authentication is the act of one entity proving its identity to another entity. Common examples involve public key cryptography, for example proving that a banking web site actually belongs to the bank you think it does.

1 vote
2 answers
131 views

API supporting multiple authentication providers?

I am currently looking at building an API server that will support multiple authentication providers (Google, GitHub, Keycloak, etc) and I am trying to work out what’s a good way to go about it. Two ...
Andre M

-1 votes
0 answers
61 views

How to implement SSO between two web applications, one embedded into the other (iframe)? [closed]

I have a web application protected by Keycloak with Resource Owner Password Credentials Grant. Both the frontend and the backend APIs are protected. I need to embed the frontend into a third party ...
Fabio Nardelli

3 votes
1 answer
77 views

Is there a context in OAuth, reusable in the callback?

I am developing a home-grade web application (server-client, based on Nuxt and nuxt-auth-utils). I am using the opportunity to learn something about OAuth (and OpenID). One of the issues I face is ...
WoJ • 1,661

3 votes
2 answers
223 views

Why do I need an authorisation server if my micro services can validate JWTs directly?

I'm working on a Spring-based micro service project and considering different approaches for handling authentication and authorisation. Instead of setting up a dedicated authorisation server, I’m ...
GeekChap

-1 votes
1 answer
146 views

Which authentication method to use?

I have a REST API with protected endpoints, which require an AccessToken for access. For the user to receive the AccessToken, they need to access the login endpoint and with the correct credentials (...
Joao

4 votes
1 answer
118 views

Next Auth Flow For Use with Ruby on Rails API

I plan to have a frontend web app written with Next.js using the AuthJS library to provide user authentication using OAuth. This frontend application depends on a backend API. I want to make sure my ...
Romuloux

0 votes
1 answer
100 views

Database structure for two-step registration flow

I'm trying to design a database for supporting a multi-step registration flow. The registration flow goes like this: the user logs in via OAuth (which creates a session and user), then they're asked ...
Kyle Richards

0 votes
0 answers
83 views

Edge Case For Cookie Based Token Management

I have a React frontend and a Nodejs backend that uses authentication via an OIDC service provider. After a user goes through the SSO authentication flow I store the token (containing a refresh token ...
John

2 votes
3 answers
708 views

Race condition when issuing a refresh token: worth addressing or not?

I'm quite new to the world of access and refresh tokens, so bear with me. Client uses its refresh token to get a new access token. The server invalidates the just used refresh token and contextually ...
Fabio A.

0 votes
1 answer
54 views

Best way to approach connection between game server to client connection with Django web server as middleman

I have a web game design question. I am trying to build a multiplayer web game with non-intensive graphics (e.g. tic-tac-toe, chess). I am trying to figure out how to take already authenticated users in ...
Mr. Octodood

1 vote
1 answer
208 views

Necessity of one-time codes in 2FA

Why is it that some services, when they conduct 2FA, ask you to rewrite a code from an app, even if that app is part of that service's infrastructure? For example, when I log in via the web to ...
Karaal

3 votes
2 answers
731 views

How does "remember this computer" work?

Website multifactor authentication prompts will often include a "remember this computer" checkbox. How does this work? In order to be secure, it needs to be more than just a cookie, as a ...
Mud • 476

0 votes
1 answer
106 views

Designing a restful API for a desktop application to facilitate communication with other APIs

Just for some context, I am a CS student in my second year who is working on a C++ desktop application (using the Qt framework) made by an engineering professor. The application is an educational tool ...
Johnny

0 votes
1 answer
133 views

Authorization business logic on claims or on app database?

Context: I have an API (using DDD) with an entity, let's call it "Content", that can only be updated by certain users. For example Content with Id = 1, can only be modified by User Id = 1, ...
Danielbahe

0 votes
1 answer
41 views

Is using an Azure Function to forward a message to my App Service the best idea for handling a Twilio Web Hook?

I have an Azure App Service running a .NET (Core) API for an in-house application, which I'm integrating with Twilio to handle WhatsApp communication. To handle the web hook responsible for receiving a ...
jarodsmk
