What is the easiest way to implement user authentication on an authorized client?
Good afternoon community!
There is the following task: to implement user authentication on an authorized client (native desktop and browsers).
The back end of the project consists of three parts:
- SPA_Node (for users using the browser, gives the "front", Node.js),
- API_Node (all business logic on REST, Node.js),
- Ory Hydra OpenID Provider (for OAuth2).
The original task is divided into the following subtasks. It is necessary to implement:
1. authentication by TLS certificates of two types of clients: Win Desktop app (C++/Qt) and browser. In the case of a native application, authentication is performed at launch using the [cert, key] pair known to each client and the CA certificate; in the case of a browser, when the SPA calls the API. Each physical connection point has its own [cert, key] pair.
2. authorization of both types of clients for access to the service API.
3. user authentication via OAuth2 on an authorized client. This part is implemented via Passport.js (passport-oauth2 strategy). In production, users must authenticate through the ESIA. For authentication on API_NODE, a function is implemented (GET /auth/{provider}), behind which passport.js and session cookies are hidden.
4. user authorization to resources on API Node.
Actually, the question is how to organize and implement this task correctly / easier / faster - simultaneous "double" authorization of the user and the client he uses to access API_NODE resources?
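One way to combine the four subtasks into a single gate in front of API_Node routes, as an added example that is not part of the original post or the project's code. It assumes the HTTPS server requests client certificates (`requestCert: true` with the CA certificate) and that Passport has populated the session; `ENROLLED_CLIENTS`, `req.user.scopes`, `req.apiClient`, the scope names and the fingerprint are hypothetical, constructed values.

```javascript
// Added example, not the project's code. Assumes API_Node's HTTPS server was
// created with { requestCert: true, ca: <CA cert> }, so Node fills in
// req.socket.authorized, and that Passport has added req.isAuthenticated().

// Hypothetical registry of enrolled connection points, keyed by the SHA-256
// fingerprint of each client certificate (value below is constructed).
const ENROLLED_CLIENTS = new Map([
  ['AB:CD:EF:00:CONSTRUCTED', { id: 'desktop-017', scopes: ['orders:read'] }],
]);

function deny(res, status, error) {
  res.statusCode = status;
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ error }));
}

// Returns middleware that enforces subtasks 1-4 in order for one scope.
function requireClientAndUser(scope, clients = ENROLLED_CLIENTS) {
  return function (req, res, next) {
    // 1. Client authentication: certificate must chain to our CA.
    if (!req.socket || req.socket.authorized !== true) {
      return deny(res, 401, 'client_certificate_required');
    }
    // 2. Client authorization: certificate must be enrolled and allowed the scope.
    const cert = req.socket.getPeerCertificate();
    const client = cert ? clients.get(cert.fingerprint256) : undefined;
    if (!client) return deny(res, 403, 'client_not_enrolled');
    if (!client.scopes.includes(scope)) return deny(res, 403, 'client_scope_denied');
    // 3. User authentication: Passport session established via GET /auth/{provider}.
    if (typeof req.isAuthenticated !== 'function' || !req.isAuthenticated()) {
      return deny(res, 401, 'user_login_required');
    }
    // 4. User authorization: req.user.scopes is a hypothetical field set at login.
    const userScopes = (req.user && req.user.scopes) || [];
    if (!userScopes.includes(scope)) return deny(res, 403, 'user_scope_denied');
    req.apiClient = client; // expose the device identity to handlers and audit logs
    return next();
  };
}

// Runs the middleware against plain mock objects and reports the outcome.
function simulate(req, scope) {
  const res = { statusCode: 200, body: '', setHeader() {}, end(b) { this.body = b; } };
  let passed = false;
  requireClientAndUser(scope)(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, body: res.body };
}
```

If TLS is terminated at a reverse proxy in front of API_Node, `req.socket.authorized` describes the proxy's connection rather than the end client's, so the certificate check has to happen where the handshake ends.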