N
N
Nikita2019-03-13 14:12:40
User identification
Nikita, 2019-03-13 14:12:40

How to make authorization without using a server?

It is necessary to make a simple authorization.
When entering any login / password, generate a token and save it in localStorage.
Do not let the user enter the site without a token. I use Vue-cli-3, and I don’t quite understand how to attach the server and requests to it there, so I plan to do everything through the client side. As an option - store user data (login, encrypted password, token and information) in the same LocalStorage or in SessionStorage, and the active user token - in cookies or session, and compare them with each other. I'm almost sure that this is wrong, can you suggest options? The option with the server and the database is not needed, you just need to implement the functionality described above

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Andrey Andreev, 2019-03-13
@b0nn1e

How to make authorization without using a server?

no way

D
Darkhan Kamaliev, 2019-03-13
@darakanoit

In fact, you can create some text file with logins and passwords (users)
and validate it.
Encrypt the whole thing and go ahead. (Purely in theory)

R
rPman, 2019-03-13
@rPman

Without server authorization, this is when you generate a private key for asymmetric encryption (when you 'create an account' on the client) and send the public key 'to everyone who wants to read your messages', i.e. encrypting messages and, in general, all communication with your private key, only those who will decrypt them with your public key will be able to read it (and by the way, vice versa, so that a message is sent to you - the sender encrypts it with a public key, and you decrypt it with a private key).
those. formally, there is no authorization here, as a process, but on the client side, it is possible that the application will somehow block access to the private key, additionally encrypting it with a password (for storage on disk) and requesting it from the user.
The main problem that decentralized networks like dht or how it is done in crypto-currencies solve, for example, is, in principle, the organization of message transfer and primary synchronization - you need to connect to someone very important ... i.e. you need at least some server, but not for authorization, but simply for communication.
And of course, the main inconvenience for the user is that his account is not stored somewhere on the server, but is located on the user's disk, and in order to 'connect' from another device, these private and public keys must somehow be synchronized between them.
pps do not fool around, do everything right on the server.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question