Authenticating users of an API using a 3rd-party Oauth provider [closed]

I'm transitioning a server-side web app to a single-page JavaScript app using a RESTful API. Currently, users can authenticate using Facebook, Twitter, Google, etc. or via email and password. How do I allow the same forms of authentication running over a RESTful API? I'm guessing it looks something like this:

  1. Authenticate with the provider on the client side.
  2. Take something from the OAuth response and pass it to an API on my server in exchange for an access token.
  3. Use token-based auth for subsequent API calls.

Am I on the right track? If so:

  1. Is there a JS library that handles multiple providers, or will each one require including something like Facebook's JS SDK?
  2. What should my API look like that generates the token? In particular, what do I need from the OAuth provider and how do I verify it on the server?
Kris Braun asked Aug 05 '13 19:08



2 Answers

I would recommend generating API access keys or using a separate OAuth flow specifically for your API. Conceptually you'll want to separate the act of creating an account with your service, and connecting remote accounts. You could probably pull off what you're describing, but it will be confusing.

For making OAuth easier in the client, check out oauth.io

John Sheehan answered Sep 19 '22 16:09



It will be easier for you to handle the authentication process against the identity providers on the server side and not on the client side. So your REST server should support its own authentication method (that could also be OAuth based), and transfer this to the third-party provider. So a flow will look something like this:

  1. Initiate a login process from the client (JS) - call your REST auth endpoint, specifying the network you want to login to (e.g. myserver.com/login?provider=facebook).

  2. Handle the login process on the server side - redirect to the provider login endpoint, receive the login callback, process the response (get the Facebook session token etc.).

  3. Issue your own user session (or token if you're doing OAuth), and respond back to your JS client.

There are a couple of social login libraries that can help you, check out http://hybridauth.sourceforge.net/ for PHP or http://code.google.com/p/socialauth/ for Java.

There are also a couple of commercial solutions that can make your life a lot easier (I'm working for Gigya so I'm biased), but that's only if you have a budget.

Rotem Hermon answered Sep 19 '22 16:09

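The three server-side steps from the answer above, as an added example that is not code from the question, the answers or any library named on the page: the server builds the provider redirect with a random `state` bound to its own session, checks that `state` on the callback before touching the `code`, keeps the provider's token on the server, and issues its own HMAC-signed token to the JS client. Function names, the provider config and the injected `exchange_code` callback (which stands in for the server-to-server call to the provider so the example runs offline) are assumptions.

```python
# Added example of the server-side login flow; all names and endpoints are hypothetical.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

PROVIDERS = {  # constructed sample config; real values come from the provider's developer console
    "facebook": {"authorize": "https://PROVIDER.example/oauth/authorize",
                 "client_id": "APP_ID_PLACEHOLDER"},
}
APP_SECRET = b"server-side-secret-placeholder"  # constructed; load from config and rotate in practice

def begin_login(provider, session, redirect_uri):
    """Step 1/2: build the redirect to the provider, binding a random state to the server session."""
    state = secrets.token_urlsafe(32)           # CSRF binding: only this session may finish this login
    session["oauth_state"] = state
    session["oauth_provider"] = provider
    cfg = PROVIDERS[provider]
    return cfg["authorize"] + "?" + urlencode({"client_id": cfg["client_id"],
                                               "redirect_uri": redirect_uri,
                                               "response_type": "code", "state": state})

def finish_login(callback_url, session, exchange_code):
    """Step 2/3: verify the callback state, exchange the code for a provider identity, mint our token.
    exchange_code(provider, code) is the server-to-server call to the provider (injected, runs offline)."""
    q = parse_qs(urlparse(callback_url).query)
    state = q.get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # one-shot: a replayed callback cannot reuse it
    if not expected or not hmac.compare_digest(state, expected):
        raise PermissionError("state mismatch: callback not bound to this session")
    if "error" in q or "code" not in q:
        raise PermissionError("provider denied login")
    provider = session.pop("oauth_provider")
    identity = exchange_code(provider, q["code"][0])  # provider token stays on the server
    return issue_token({"sub": f"{provider}:{identity['id']}", "exp": int(time.time()) + 3600})

def issue_token(claims):
    """Step 3: the server's own bearer token for the JS client (HMAC-SHA256 over base64url claims)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode().rstrip("=")
    sig = hmac.new(APP_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_token(token):
    """Check signature and expiry on subsequent API calls; returns the claims or None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(APP_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims if claims["exp"] > time.time() else None
```

The `session` dict stands in for whatever server-side session store the REST server already has; the client never sees the provider's token, only the server-issued one.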