On Fri, Jan 31, 2020 at 7:53 AM Justin Taylor <JUSTIN@xxxxxxxxxxxxx> wrote:

So you're running Apache anonymously and off-loading authentication to the
app stack, correct?


That's my understanding. Remove the appropriate Apache configuration
directives in order to avoid a duplication of work. Add features to the app
stack to issue credentials, provide for recovery of credentials and
password reset (via email or SMS or both), session expiration, individual
authorization to whatever functionality and content that you might provide,
support for group assignments and group authorities (because individual
authorities can be tedious to manage), etc.

I've heard "OAuth", but I don't know anything about it. I'll add that to
my list to research.


As an aside, our web portal supports OAuth. User IDs and passwords are
stored on an OAuth "realm", which is often run by a 3rd party, which issues
a token similar to what Brad mentioned previously. Your apps can retrieve
that token and query the OAuth realm (via web service) about its
authenticity.

I should say that none of this improves the efficiency of "authentication"
or "authorization". Unless you have a way of maintaining a persistent
connection with the browser, you'll have to authenticate and authorize
every request every time for any resources that you want to remain secure.
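
The per-request check described above, as an added example that is not part of the original post or of any product mentioned in it: each request's token is put to the OAuth realm, then expiration and group authority are checked. The realm lookup is a constructed in-memory stand-in for the web service call, and the "groups" field, token values and resource paths are assumptions made for illustration.

```python
import time

# Constructed stand-in for the realm's token-introspection web service.
# "active", "sub" and "exp" follow RFC 7662; "groups" is an assumed custom field.
REALM_TOKENS = {
    "tok-alice": {"active": True, "sub": "alice", "exp": 2_000_000_000, "groups": ["payroll"]},
    "tok-bob": {"active": True, "sub": "bob", "exp": 2_000_000_000, "groups": ["sales"]},
    "tok-old": {"active": True, "sub": "carol", "exp": 1_000, "groups": ["payroll"]},
    "tok-revoked": {"active": False},
}

def introspect(token):
    """Ask the realm about a token; unknown tokens come back inactive."""
    return REALM_TOKENS.get(token, {"active": False})

# Group authorities: which groups may use which resource (hypothetical paths).
RESOURCE_GROUPS = {"/payroll/report": {"payroll"}, "/orders": {"sales", "payroll"}}

def check_request(headers, path, now=None, introspect_fn=introspect):
    """Authenticate and authorize one request; returns (http_status, user)."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None                  # no credentials presented
    info = introspect_fn(token.strip())
    if not info.get("active"):
        return 401, None                  # unknown or revoked at the realm
    if info.get("exp", 0) <= now:
        return 401, None                  # session expired
    allowed = RESOURCE_GROUPS.get(path)
    if allowed is None or not (allowed & set(info.get("groups", []))):
        return 403, info.get("sub")       # authenticated, but no group authority
    return 200, info.get("sub")

if __name__ == "__main__":
    for tok, path in [("tok-alice", "/payroll/report"), ("tok-bob", "/payroll/report"),
                      ("tok-old", "/orders"), ("tok-revoked", "/orders")]:
        print(tok, path, check_request({"Authorization": "Bearer " + tok}, path))
```

Resources missing from the table are refused rather than allowed, so a new page stays closed until a group is assigned to it.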
