Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
Bogdan2018-02-20 17:31:56
Ruby on Rails
Bogdan, 2018-02-20 17:31:56

Authentication for api?

Hello. I plan to use Rails purely as an API for SPA on Vue. And how to properly organize user authentication?
1) We send a POST request from the client with a login and password, compare all bcrypt
2) if everything is OK, then we generate a token using SecureRandom.urlsafe_base64 and send it in the response
3) we save this token in cookies for one hour

cookies[:remember_token] = { value: remember_token,
expires: 1.hour.from_now.utc }

4) Well, then access to the api will go through the passed token, and if it is successful, then the cookie session will be extended by one hour.
Well, the scheme is still purely theoretical.
Is there a better algorithm? Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
R
Riley Usagi, 2018-02-20
@RileyUsagi

Just today there was already a question on this topic. Literally on the first page.
Read about JWTs .

Report
X
xmoonlight, 2018-02-20
@xmoonlight

The first mistake is to send LOGIN and PASSWORD with a POST request.
We send always hashed data with the server key!
Minimum information - read here .

Similar questions
A
alexnotonfire2016-01-26 18:39:32
Why does tinymce work in development but crash in production? 2Reply
D
Denis Savitsky2013-05-23 16:09:58
Testing complex dependencies in RedMine plugin? 0Reply
B
Bogdan2018-06-13 16:37:37
Calling private methods? 2Reply
M
mlwrm2016-02-03 21:45:24
How to use has_many ActiveRecord? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question