restful-authentication

问题 I'm writing an application using Symfony2 which will interface with the Wordnik REST API. Currently, the Wordnik API does not offer OAuth capabilities, so I have to accept a username and password which I'll then transparently pass to the API interface. I'd like to integrate this API authentication into Symfony2's security system, but so far I haven't been able to identify what the best implementation route is. I don't think the custom user provider is correct, because the password is not

问题 I'm working on building a RESTful API for one of the applications I maintain. We're currently looking to build various things into it that require more controlled access and security. While researching how to go about securing the API, I found a few different opinions on what form to use. I've seen some resources say HTTP-Auth is the way to go, while others prefer API keys, and even others (including the questions I found here on SO) swear by OAuth. Then, of course, the ones that prefer, say,

问题 I have a web service written as an ASP MVC application which basically uses rolling cookies as its authentication mechanism. So someone sends their username and password over https to the service, it then verifies them and issues them a cookie containing a token, user identifier and timestamp as HTTPONLY and SECURE. Then whenever the users need to access pages which require authentication the cookie is sent over and verified with the timestamp and the token against the user, assuming that

问题 I have a web service written as an ASP MVC application which basically uses rolling cookies as its authentication mechanism. So someone sends their username and password over https to the service, it then verifies them and issues them a cookie containing a token, user identifier and timestamp as HTTPONLY and SECURE. Then whenever the users need to access pages which require authentication the cookie is sent over and verified with the timestamp and the token against the user, assuming that

问题 I am importing private data into Google Spreadsheet using the function ImportXML. To make this work, I have written an API. However, since the data in private I would like to make the API private. I can do that. The problem is to do it in a way so that Google Spreadsheet can communicate with my custom API. Preferably, I would like to use OAuth 2.0 with the user logged into Google Spreadsheet. Is this possibly? Other suggestions are welcome. 回答1: This is possibly. First, make your custom API

问题 I'm trying to create a simple user authentication function but I just can't get it to work. Here is the code I'm working on: public class LoginController : ApiController { private void SetPrincipal(IPrincipal principal) { Thread.CurrentPrincipal = principal; if (HttpContext.Current != null) { HttpContext.Current.User = principal; } } public bool Login(string token) { //Check token if (.....) { //Authenticate user var identity = new GenericIdentity("Test user"); SetPrincipal(new

问题 I'm building a simple application to learn Python 3 and Flask. The goal is to consume data from the Spotify API and for that I need to authenticate using OAuth 2.0. I'm able to provide my credentials to Spotify Accounts however during the callback the following error is happening: File "app.py", line 59, in callback access_token = response_data["access_token"] KeyError: 'access_token' Code sample: post_request = requests.post(SPOTIFY_TOKEN_URL, data=code_payload, headers=headers) response

问题 Please provide your feedback on my solution against following requirements. Requirement (similar to): 1.a let say that authentication Token is made out of the Email and date and is encrypted 1.b authentication Token is send back to the client through header 1.c authentication Token is stored on client and server My solution : 1) To send authentication Token back to the client through header. i have used cookie, and following code. HttpCookie cookie = new HttpCookie("AuthenticationToken");

问题 I have a question regarding RESTful API design. Following the guidelines of REST, all endpoints should be nouns and in plural, and should never be verbs. However, it is customary to have authentication routes be: /login /logout which are both verbs. If you should be true to the guidelines these routes should look more like this instead: /users?action=login /users?action=logout but I've never used any API that has this particular authentication implementation, everyone uses the first one, me

问题 I am working with Django users, and I've hashed the passwords when I create an user with Django REST Framework and I override the create and update methods on my serializer to hash my passwords users class UserSerializer(serializers.ModelSerializer): #username = models.CharField() def create(self, validated_data): password = validated_data.pop('password', None) instance = self.Meta.model(**validated_data) if password is not None: instance.set_password(password) instance.save() return instance