Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
thorii2018-07-17 00:04:48
API
thorii, 2018-07-17 00:04:48

What is the best way to authorize a WEB application through the API server?

An API-oriented application has been deployed (the API-server has its own login and registration forms) and a frontend application.
1 - Now the frontend authorization is done using an API request ( oauth/token?grant_type=password ) using the client credentials method . The front application receives the token after sending the login and password and saves it in a cookie.
2 - I suppose that it is better to leave the authorization on the API server and, upon successful login, redirect the user with the token to the front (web.app.com?token=token) where the token will be written to the cookie.
3 - Perform authorization on the API server and set a token cookie for the web.app.com domain (frontend application) from it, then redirect the client to this domain?
How is it better?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dimonchik, 2018-07-17
@thorii

get for mitm is always nicer than POST and cookie

Similar questions
D
dimonuzzz2015-09-30 16:02:22
How to upload an image to the vk server via a link? 1Reply
G
Gabe_B2021-06-11 15:51:15
How to get messages through the VKontakte API? 0Reply
J
Jozo2018-02-07 17:34:13
How to setup Health check load balancer on nginx? 1Reply
M
mihzas2015-10-03 10:26:14
Which API (Google) would you recommend for speech recognition? 1Reply
A
Alex1987g2020-04-20 13:17:11
Are there worthy analogues of the zvonok.com service? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question