authentication

问题 I am currently using a client-side React component to have a user login to Facebook via OAuth in my application. On the server-side, I use the npm package passport-facebook-token to validate the authenticity of the accessToken after a successful client-side login. One practice I do not see often is in addition to asking Facebook if the accessToken is valid, shouldn't the server also check if the email provided by the client's payload matches the e-mail coming back from Facebook? Allow me to

问题 I am currently using a client-side React component to have a user login to Facebook via OAuth in my application. On the server-side, I use the npm package passport-facebook-token to validate the authenticity of the accessToken after a successful client-side login. One practice I do not see often is in addition to asking Facebook if the accessToken is valid, shouldn't the server also check if the email provided by the client's payload matches the e-mail coming back from Facebook? Allow me to

问题 I have two different web application built with ASP.net MVC. This two application may not be running in the same server nor in the same domain. I would like that if a user login in one of them, automatically should be login in the other. The same should work with logout. Which do you think is the best solution? Do you know about some example code? Thanks! --- EDITED WITH MORE INFO --- Use case scenario: The user has the web application A opened on a tab, and at some point of the app there is

问题 I have two different web application built with ASP.net MVC. This two application may not be running in the same server nor in the same domain. I would like that if a user login in one of them, automatically should be login in the other. The same should work with logout. Which do you think is the best solution? Do you know about some example code? Thanks! --- EDITED WITH MORE INFO --- Use case scenario: The user has the web application A opened on a tab, and at some point of the app there is

问题 Closed . This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 3 years ago . Improve this question I am working on adding a REST API to a legacy PHP site. This is to provide an endpoint for an internal app, so I am quite free in how I design things and what do and don't support. What I now need to add to this API is a way to login, and then perform

问题 I am looking to implement web (angular) and iPhone apps using WebSockets to communicate with our server. In the past using HTTP requests we have used hashes using the request data, url, timestamp etc to authenticate and secure the requests. As far as I am aware we can't send headers with WebSockets requests therefore I am wondering how I can secure each request. Does anyone have any ideas or good practices? 回答1: Having secure communication with server includes authenticating both parties to

问题 I'm using Node.js + Express + Passport to create a simple authentication(local) and what I've reached so far that when a wrong username or password entered user is redirected to an error page but when the user enters a correct username and password I get this error node_modules\mongoose\lib\utils.js:435 throw err; ^ TypeError: Object { _id: 50b347decfd61ab9e9e6768f, username: 'saleh', password: '123456' } has no method 'validPassword' I'm not sure what's wrong there app.js (I removed the

问题 I'm using Node.js + Express + Passport to create a simple authentication(local) and what I've reached so far that when a wrong username or password entered user is redirected to an error page but when the user enters a correct username and password I get this error node_modules\mongoose\lib\utils.js:435 throw err; ^ TypeError: Object { _id: 50b347decfd61ab9e9e6768f, username: 'saleh', password: '123456' } has no method 'validPassword' I'm not sure what's wrong there app.js (I removed the

问题 My Angular 2 app (coded in typescript) has a simple authentication scheme: User logs in: Server returns JSON Web Token (JWT) abc123... On every API call, the app sends the JWT in the Authorization header Server validates the JWT and grants access Now I'd like to add websockets. I'm wondering how to authenticate the user there. Since I don't control which headers are sent to the websocket server (WS), I cannot send the JWT. My idea so far (not yet implemented): Client opens websocket: let sock

问题 My Angular 2 app (coded in typescript) has a simple authentication scheme: User logs in: Server returns JSON Web Token (JWT) abc123... On every API call, the app sends the JWT in the Authorization header Server validates the JWT and grants access Now I'd like to add websockets. I'm wondering how to authenticate the user there. Since I don't control which headers are sent to the websocket server (WS), I cannot send the JWT. My idea so far (not yet implemented): Client opens websocket: let sock