
The two application is developed in PHP Laravel web application. In the application, App 1 and App 2 are two difference Application and being managed by two different team. App 1 is use to trim video while App 2 is use to showcase their video.
The current login method of two application is email password login.
POST the results to App 2 (Ex. Instagram).The thing that I concern is the authentication part of App 2. How do we authenticate the user in App 1 before sending the videos to App 2 due to difference user login method?
Not really sure about the terminology used for this type of authentication. Feel free to let me know in the comment section. Thank you very much.
Authentication between different applications can be achieved using various methods.
Option 1: OAuth 2.0
OAuth 2.0 is a widely used protocol for authentication and authorization. It involves the concept of access tokens, which can be used to grant access to resources on behalf of a user.
Implementation:
User Logs In (App 1): When a user logs into App 1, generate an OAuth token. Token Exchange (App 1 to App 2): Send this token securely to App 2 along with the video and user details. Token Validation (App 2): App 2 validates the token against its OAuth server.
Option 2: JWT (JSON Web Tokens)
JWTs are compact, URL-safe means of representing claims between two parties. They can be signed and encrypted for additional security.
Implementation:
User Logs In (App 1): When a user logs in, generate a JWT containing user information. Send JWT (App 1 to App 2): Send the JWT securely to App 2 along with the video. Token Verification (App 2): App 2 verifies the JWT's signature and extracts user information.
Option 3: API Key with HMAC
This approach uses a combination of an API key and HMAC (Hash-based Message Authentication Code) for secure communication.
Implementation:
Generate API Key (App 2): App 2 generates an API key and shares it securely with App 1. Request Signing (App 1): Sign the request (including video and user details) using HMAC with the shared key. Verify Signature (App 2): App 2 verifies the signature using its shared key.
Recommendation:
Choose the method that best aligns with your security requirements and infrastructure. OAuth 2.0 is a good choice for standardized authentication, while JWTs provide a lightweight alternative. The API key with HMAC is simpler but effective if implemented securely.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With