restful-authentication

I am building an API in Yii 1.x which will be used with a mobile application. Part of the process involves a login (with a username and password) using the following JSON request below:- // Request sent with username & password { "request" : { "model" : { "username" : "bobbysmith", "password" : "mystrongpassword" } } } // If successfully logged in return the following response { "response": { "code": 200, "message": "OK", "model": { "timestamp": 1408109484, "token": "633uq4t0qdtd1mdllnv2h1vs32" } } } This token is quite important - once a user is logged in on the app I'd like them to have

I am trying to do authorization using JavaScript by connecting to the RESTful API built in Flask . However, when I make the request, I get the following error: XMLHttpRequest cannot load http://myApiUrl/login . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. I know that the API or remote resource must set the header, but why did it work when I made the request via the Chrome extension Postman ? This is the request code: $.ajax({ type: "POST", dataType: 'text', url: api, username: 'user', password: 'pass', crossDomain

I am using spring security to verify if the user has passed in valid username and password. I also want to validate if the user is a part of a particular group. Though, the credentials verification is working, the group membership verification is not. Do I need to configure ldapAuthoritiesPopulator? Though, the credentials verification is working, the group membership verification is not. I am assuming group membership is combination of ldap base and userDn . Here is a code to help you. public class LDAPDetail{ private String url; //your LDAP url private Long timeout; // some timeout to

I am writing a RESTful API for a fairly complex web application (further referred as api.mywebapp.com) The requirements include that api.mywebapp.com should handle: API level authentication (authorizing client application eg.: mobile app) User level authentication (authorizing www.mywebapp.com registered users so they can access their protected resources) Usage example: Mobile application connects to the https://api.mywebapp.com with a valid basic HTTP authorization header (Authorization: Basic [base64_encoded_username:password]) api.mywebapp.com authenticates mobile app and on successful

I am writing a REST Api gateway for an Angular SPA and I am confronted with the problem of securing the data exposed by the API for the SPA against "data thiefs". I am aware that I can't do much against HTML scraping, but at least I don't want to offer such data thiefs the user experience and full power of our JSON sent to the SPA. The difference between most "tutorials" and threads about this topic is that I am exposing this data to a public website (which means no user authentication required) which offers valuable statistics about a video game. My initial idea on how to protect the Rest API

I have googled about the docs of rest, but I am not exactly sure I understand it. What I can see in rest is that its URL is clean, for example: http://host/webservice.asmx?name=xname&type=xtype If in REST style, it is perhaps: http://host/webservice.asmx/xname/xtype Isn't it? So I just found the URL is cleaner, but I can not find any other advantages. Can anyone tell me more? I have some more questions: I found that some application built on Ruby-on-Rails all use the clean URL, for example: http://xxx/blog/list http://xxx/blog/edit/1 http://xxx/blog/1 So is there any relationship between them?

I have this class that uses JSON Web Token Support For The JVM to create and validate JWT tokens @Component public class JwtTokenUtil implements Serializable { private static final long serialVersionUID = -3301605592208950415L; private Clock clock = DefaultClock.INSTANCE; @Value("${jwt.secret}") private String secret; @Value("${jwt.expiration}") private Long expiration; public String getUsernameFromToken(String token) { return getClaimFromToken(token, Claims::getSubject); } public Date getIssuedAtDateFromToken(String token) { return getClaimFromToken(token, Claims::getIssuedAt); } public Date