I am building a REST API which needs to be reasonably secure - no payment details are passed, but I want to ensure accounts don't get hijacked, for instance.
I have looked at implementing 2-legged OAuth, but I can't see any real advantage to just using basic auth over SSL (with a high-entropy, programmatically generated API key as the password).
Are there any scenarios where 2-legged OAuth is more secure than HTTP basic auth over SSL?
HTTPS is the complete HTTP data sent over an SSL connection.
The data sent through the HTTP basic auth is also encrypted if you use HTTPS.
So basically, it should make no difference.
The bad part may be that you have to store the password on the client computer with HTTP basic auth.
With OAuth, as far as I know, only a token is stored.
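
The scheme from the question (a programmatically generated high-entropy API key sent as the Basic auth password over SSL/TLS), sketched as an added example that is not part of the original question or answer. The function names, the key id format and the choice to keep only a SHA-256 digest on the server are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Server-side store (assumed design): key id -> SHA-256 digest of the API key.
# A fast hash is acceptable here only because the key is 256 random bits,
# not a human-chosen password.
KEY_DIGESTS = {}

def issue_api_key(key_id):
    """Create a random API key; the server keeps only its digest."""
    api_key = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe, no ':'
    KEY_DIGESTS[key_id] = hashlib.sha256(api_key.encode()).digest()
    return api_key  # handed to the client once

def basic_header(key_id, api_key):
    """What the client sends on every request: base64 encoding, not encryption.
    Confidentiality of the key on the wire comes from TLS alone."""
    raw = f"{key_id}:{api_key}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def verify_basic(header):
    """Return the authenticated key id, or None if the header is rejected."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    key_id, sep, api_key = decoded.partition(":")
    if not sep:
        return None
    # Unknown ids are compared against a dummy digest so the same work is done.
    expected = KEY_DIGESTS.get(key_id, bytes(32))
    presented = hashlib.sha256(api_key.encode()).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(presented, expected) and key_id in KEY_DIGESTS:
        return key_id
    return None
```

The client still has to store the full key, which is the storage concern raised in the answer; the digest only limits what a leak of the server's key table exposes.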