restful-authentication

问题 I am fairly new to .net and I am trying to create a restfull service where you can authenticate via OAuth2 to a service like facebook and also be able to login with a "normal account". The SPA template from VS2013 allowed me to do this quickly and easily and I am very happy with it. Right now I am facing a different problem. I can't seem to find a way to separate access for these different types of logins. For example, I want to allow only users from the oauth authentication method to access

问题 Hey all i am trying to figure out how to do this OAuth authorization token for a REST API POST call. The documents state: With a valid access token, your app can make calls to any Yammer API endpoint by sending the access token as a “Bearer” token in the “Authorization” request header. GET /api/v1/messages/following.json HTTP/1.1 Host: www.yammer.com Authorization: Bearer abcDefGhiFor more details on the “Bearer” token refer to [enter link description here][1] If the access token expires or

问题 I am building a web application in which two of the major components are the website and a backend RESTful web service. The website will make calls to the RESTful web service which does the heavy lifting. I am planning to use Spring Security for both tiers. I imagine that the website will use form authentication and the RESTful API will use basic authentication (over SSL). However, I'm not sure how to provide authentication credentials to the REST API as the website will likely have a session

问题 Breaking down what makes a conditional GET: In RFC 2616 it states that the GET method change to a "conditional GET" if the request message includes an If-* ( If-Modified-Since , If-Unmodified-Since , If-Match , If-None-Match , or If-Range ) header field. It then states: A conditional GET method requests that the entity be transferred ONLY under the circumstances described by the conditional header field(s). From my understanding this is saying it will only return the data being requested if

问题 i am working with RESTFUL APIs . my front-end(http://localhost:3000/) and back-end(http://workless/services) are in different origin. Because of that i have implemented the CORS mechanism to access the sevice from different origin. it like bellows.. if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); // optional configuration header('Access-Control-Allow-Credentials: true'); header('Access-Control-Max-Age: 86400'); // cache for 1 day } //

问题 I created a basic REST service that works when it is invoked over a http connection. But when I try to add SSL on top I have some problems. This is the code for the server creation: private HttpContext getHttpContext() { HttpsServer server = null; try { server = HttpsServer.create(new InetSocketAddress("localhost", 443), 5); server.setHttpsConfigurator(new HttpsConfigurator(SecureChatSslContextFactory.getServerContext()) { public void configure(HttpsParameters params) { SSLContext context =

问题 I'm calling the following code: $.couch.login($.extend({ name: "harry", password: "secrets"}, callback)); $.couch.session(callback); where "harry" is just a dummy user I created using $.couch.signup and callback is a simple object specifying success/error/complete functions with bodies like these: success: function (data) { console.log('Success'); console.log(data); } This code returns the following: Success Object {ok: true, name: "harry", roles: Array[0]} Success Object {ok: true, userCtx:

问题 I want our service to advertise more than one authentication scheme: for example both Bearer and some custom scheme, say X-Custom. (I have an OWIN middleware component for each scheme). I take if from RFC 2616, sec 14.47 there is more than one way to do it: Option a) multiple headers WWW-Authenticate: Bearer WWW-Authenticate: X-Custom Option b) comma-separated list WWW-Authenticate: Bearer, X-Custom My preference would be option a) so a client only has to do something like Response.Headers

问题 An external organization that I work with has given me access to a private (auth token protected) docker registry, and eventually I would like to be able to query this registry, using docker's HTTP API V2, in order to obtain a list of all the repositories and/or images available in the registry. But before I do that, I'd first like to get some basic practice with constructing these types of API queries on a public registry such as Docker Hub. So I've gone ahead and registered myself with a

问题 I have a super redundant server.js file, since nearly every method in it belonging to the REST API starts like that, as I have to check at the API requests whether the client is authorized to ask for the particular thing. var jwt = require('jsonwebtoken'); // ... app.get('/getsomething', function(req, res) { "use strict"; var token = req.headers[tokenName]; if (token) { jwt.verify(token, app.get('some_secret'), { ignoreExpiration: false }, function(err, decoded) { if (err || typeof decoded ==