开发者

OAuth recommended for async data transfer in own webapp?

开发者 https://www.devze.com 2023-01-09 07:03 出处:网络
I am making heavy use of async requests by Javascript to the webserver. Since I am b开发者_StackOverflowuilding a multitenant application, I want to restrict access to the json services on the user le

I am making heavy use of async requests by Javascript to the webserver. Since I am b开发者_StackOverflowuilding a multitenant application, I want to restrict access to the json services on the user level.

I read a lot about OAuth being recommended for consumer authentification. In my scenario, would the Javascript (client) side be regarded as the consumer and, hence, would you recommend using OAuth for that purpose? If not, what alternatives would you recommend?


OAuth is best at providing a method other than direct sharing of username and password with third party applications or web sites. I would use OAuth or something like it only in the case that you need to provide this type of third-party access to your web application.

If the JS client will be running in a web browser that the user has already logged in to your service, you might just as well use the session cookie that you have already established to authenticate each request.

In fact, such a session cookie will automatically be shared as part of any XHR to your web service.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号