What is the authentication mechanism when writing an API?
This is my first time writing an API backend using OAuth 2.0.
I have already dealt with OAuth (wrote clients for vk), but only from the client side.
The question arose, how to organize authentication (not authorization) when working with OAuth?
I.e., for example: there is an API client that has a login/password entry form; the user of this client enters his data and clicks "Login", but I don't quite understand what's next. I understand that the request goes to the server, which checks the data; if they are correct and there is such a user, then what should it do? And how should the client later “tell” the server that this is a user, and how should the server understand that he has already been authenticated?
I tried to search for information on the Internet, I saw several articles that prompted certain thoughts, but the whole mechanism is still not fully understood.
> and here's what I don't quite understand

If the login/password is correct, you return an access token; if not, an error message. Everything is written in the documentation with examples (and it seems there was a Russian fork of the documentation).
> I.e., for example: there is an API client that has a login/password entry form; the user of this client enters his data and clicks "Login", but I don't quite understand what's next.

Read the OAuth 2.0 specification.
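
The flow the answers describe, as an added example that is not part of the original thread: the server checks the login and password once at a token endpoint, returns an access token, and authenticates every later request by the token sent in the Authorization header. It uses the password grant of RFC 6749 (section 4.3) with RFC 6750 bearer tokens; the in-memory stores, the user alice, the /token and /me paths and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets, time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user store: username -> (salt, PBKDF2 hash).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
TOKENS = {}          # sha256(access token) -> (username, expiry timestamp)
TOKEN_TTL = 3600     # seconds

def token_endpoint(form):
    """POST /token handler (hypothetical path): returns (status, JSON dict)."""
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    salt, stored = USERS.get(form.get("username", ""), (b"\0" * 16, b""))
    candidate = _hash(form.get("password", ""), salt)
    # Constant-time compare; unknown user and wrong password give the same error.
    if not hmac.compare_digest(candidate, stored):
        return 400, {"error": "invalid_grant"}
    token = secrets.token_urlsafe(32)          # opaque, unguessable
    # Store only a hash so a leaked token table cannot be replayed.
    key = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[key] = (form["username"], time.time() + TOKEN_TTL)
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": TOKEN_TTL}

def authenticate(headers, now=None):
    """Resolve 'Authorization: Bearer <token>' to a username, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    entry = TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    if entry is None or entry[1] <= (time.time() if now is None else now):
        return None                            # unknown or expired token
    return entry[0]

def api_me(headers):
    """Protected resource, GET /me (hypothetical path)."""
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "invalid_token"}
    return 200, {"user": user}
```

Current OAuth security guidance (RFC 9700) rules out the password grant, so a new first-party client would normally obtain its token through the authorization code flow with PKCE; the bearer-token check on the API side stays the same.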