Skip to first unread message
Thomas Jetzinger
Sep 11, 2013, 5:30:57 AM9/11/13
to mongoos...@googlegroups.com
Hi,
I'm developing a RESTful API for an embedded device with the help of mongoose.
What is the best way to implement authentication with mongosse? I think a RESTful api shouldn't use cookies?
Best regards,
Thomas
Sergey Lyubka
Sep 11, 2013, 5:52:58 AM9/11/13
to mongoose-users
It might use cookie, or add it's own authentication HTTP header, or pass auth token as a parameter of the request (in URI or in POST data).
For example, Gmail and other Google services pass authentication data in a cookie.
What is the best way is arguable. I think that passing auth data in a HtppOnly cookie + using SSL is acceptable.
RESTful handler should extract the cookie and validate token. If token is not there or expired, handler should
respond with auth error. There should be an endpoint that creates/deletes tokens (login/logout procedures),
accepting username/password pairs or whatever data auth mechanism uses (e.g. SSL client cert).
Note that chat.c example uses cookies for authentication.
Would you like to have a separate, clean example for the RESTful auth?
What sort of documentation would you like to see?
Thanks,
Sergey.
--Best regards,Thomas
You received this message because you are subscribed to the Google Groups "mongoose-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mongoose-user...@googlegroups.com.
To post to this group, send email to mongoos...@googlegroups.com.
Visit this group at http://groups.google.com/group/mongoose-users.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages