I believe the best practice for RESTful APIs is to be stateless. I read a bit about stateless authentication but am not totally clear how to implement it (looks like a mess of tokens etc.). PassportJS is a nice authentication library, but it's not stateless? Is there some kind of library that helps me create stateless APIs (with authentication)? I will want to use SSO (single sign-on) like Google, Twitter etc., so it will be nice if the library handles that for me (like PassportJS does).
OAuth2-server: If you're looking to build your own OAuth Authentication server that will be used to generate, sign and manage authorization codes, access tokens and refresh tokens for other apps, then this is the library for you.
Stateless authentication uses tokens, most often a JSON Web Token (JWT), that contain the user and client information. The server only has to match the token key and cryptographic signature with the information on file, meaning it can do far less work in looking up identity provider (IdP) information.
Token-based authentication enables users to obtain a token that allows them to access a service and/or fetch a specific resource without using their username and password to authenticate every request.
AM OAuth 2.0-related services are stateless unless otherwise indicated; they do not hold any token information local to the AM instances. Instead, they either store the OAuth 2.0/OpenID Connect tokens in the CTS token store, or present them to the client.
I am currently developing a REST API and using PassportJS Basic Auth (for dev purposes) with no sessions. You can tell the strategy to not use sessions:
passport.authenticate( 'basic', { 'session' : false } )
passport.authenticate( 'bearer', { 'session' : false } )
passport.authenticate( 'token', { 'session' : false } )
See here at the bottom.