All Questions
Tagged with authentication web-development
13 questions
-1 votes
0 answers
61 views
How to implement SSO between two web applications, one embedded into the other (iframe)? [closed]
I have a web application protected by Keycloak with Resource Owner Password Credentials Grant. Both the frontend and the backend APIs are protected. I need to embed the frontend into a third party ...
0 votes
1 answer
163 views
How can a web application distinguish between sessions from trusted and non-trusted devices?
For compliance reasons, we want admins of a web app to work on it from devices (phones or computers) approved by IT. Or rather, they can work from other devices, but should get logged out quickly, so ...
0 votes
1 answer
201 views
How to model users in multiple workspaces
In Slack and other apps, a user's email can be tied to multiple workspaces. What’s the best approach to architecting that? Do you list workspace IDs on the user record, or do you maintain a list of ...
2 votes
2 answers
155 views
Authenticate users (REST-API)
What I'm trying to build: REST-API using Express and SQLite; 5 to 10 authors should be able to post articles to /articles; except them, no one is allowed to post anything. My approach to build it ...
1 vote
1 answer
637 views
How can I share authentication information between all the server?
I'm developing a web service that has the following structure: Web Server: this is implemented with NextJS, which does Server-Side Rendering and serves server-side rendered webpage data to the Client. API ...
1 vote
0 answers
169 views
How does Google Analytics prevent tampering?
I'm building a simplified web tracker as a side project. One of the things I'm unsure about these cloud-based trackers (like Google Analytics) is how they prevent abuse of their platform; in other ...
0 votes
2 answers
675 views
Is it ok to use .Replace(" ", "+") when reading hashes in a querystring?
I am letting users change their password after a reset, by following a link containing hashes of the password and user name (e-mail address). The link can look like this: www.example.domain/login?h1=...
7 votes
3 answers
2k views
How do you handle JWT expiration for long running calls?
Currently we are debating over securing our multiple micro-services. The major concern is that the JWT token provided to us will expire before the call is finished. (This is in the synchronous design) ...
-2 votes
3 answers
2k views
Authenticate user without password [closed]
I would like to work on a project where I can authenticate or validate a user without the typical user/password combination to authenticate a user in my system. In other words, I would have an API and ...
2 votes
4 answers
835 views
Authenticating users for a website
I'm working on a website and I want to validate that an individual is an employee at one of a large number of companies (probably using their company's email address, which I don't know beforehand). ...
3 votes
2 answers
2k views
Alternatives to Traditional Password Authentication [closed]
The third party login is an excellent function that has come in recent years that relieves the load on a programmer's mind so that I have to remember fewer useless passwords. I don't use the same ...
0 votes
3 answers
6k views
Where should authentication be handled, in the server's code, or in the application's server-side code?
I'm developing a simple web application in node.js. Users can log in from any page in the application, so I handle authentication in the server's code and logic, and the application's server-side ...
5 votes
1 answer
148 views
Is there a proven concept to website reverse certificate authentication?
We're looking at exposing some of our internal application data externally via a website. The actual details of the website aren't that interesting, it'll be built using ASP.NET/IIS etc, that might be ...