Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
dizlv2014-11-28 20:04:36
JavaScript
dizlv, 2014-11-28 20:04:36

How to implement user login via OAuth2.0 in JS application to access REST API?

There is a REST API, access to certain endpoints must be provided through OAuth2 (own OAuth2 server).
You need to attach your JS client to this API, in which the user can directly log in with login / password, receive an OAuth2 token in return, and access to the API through the JS client will be determined by the newly received OAuth2 token.
Intuitively, I understand that you need to register a client for the JS application (client_id, client_secret) and operate on it before the user login, so get a new user token and use it.
But I don't understand what client_id and client_secret should be used when logging in a new user when the JS application is registered as an administrator.
Ultimately, the question is - how to implement a user login for which a client is automatically created in the database?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sergey Romanov, 2014-11-29
@Serhioromano

I don't need any client. I am not familiar with OAuth2, but I assume that the user receives a different token each time they log in and it is stored somewhere. That is the system.
The user logs in.
The server checks the username and password, and if they are valid, it generates a key or token in any way.
The client receives the user's data. Type an object with ID, name, key and everything else and save it in some storage.
Now, with any request to the API, we pass the user ID and token.
On the server, we check whether this user has this token, and if so, we check whether he has the right to receive the data of this request.
In this scheme, of course, some API requests to the server go through even if there is no token and user ID. For example, a request for authorization, or for obtaining public information that everyone can see.

Report
E
evvcom, 2014-12-01
@evvcom

For a WEB application with javascript, everything is pretty detailed on Google: https://developers.google.com/+/web/signin/server-...

Similar questions
K
Kirill Kolesnikov2020-09-14 16:56:38
Elementor. How to make it so that on computers, tablets there are 2 columns, and on mobile 1? 2Reply
K
Kagtaviy2016-06-10 17:22:58
How to solve query problem in mysql golang? 3Reply
R
Rain Summers2015-04-07 12:24:11
phpstorm. How to disable non-disabled "Inspections: cannot resolve file"? 5Reply
N
nekiystranger2019-09-05 11:27:01
TurboHD over one cable? 1Reply
V
Vell122016-06-19 01:04:52
How to make such a line at the top of the site? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question