

Why is my Spring Boot stateless filter being called twice?

rest,spring-security,spring-boot,restful-authentication,jwt
I'm trying to implement stateless token-based authentication on a REST API I've developed using Spring Boot. The idea is that the client includes a JWT token with any request, and a filter extracts this from the request, and sets up the SecurityContext with a relevant Authentication object based on the...

Best way to secure Private REST API without user authentication for mobile app

php,android,api,rest,restful-authentication
I am making some RESTful APIs for my mobile application. The communication between the app and webserver has to be made in REST. These APIs should be private, and only my app should be able to call them for successful results. The tough part is, there is no user id and...

Should I place SPA and RESTful API in different servers?

rest,oauth,single-page-application,restful-authentication
I'm developing a Single Page Application (SPA) and a RESTful API to serve resources to it. Since I'm going to develop mobile applications, and even open the service to third parties in the future, I thought of placing the SPA in one server and the REST API in another. I...

How to Encrypt password for REST API authentication

javascript,rest,restful-authentication
There are a lot of resources about how to secure REST API access, but this is not what I am looking for. I am going to use a provided REST API with Basic Authentication (and this cannot be changed easily :( ). Obviously I can go with: var requestOptions = { hostname: "rest.api.url.com",...

ServiceStack Authenticates both iOS Apps when one is logged in

rest,xamarin,servicestack,restful-authentication,servicestack-auth
I'm using the awesome ServiceStack to implement my REST backend which serves two iPhone apps written in Xamarin. Everything works great but I'm struggling in getting sessions to work correctly when the two apps are installed on the same device! The issue is that if I login in one...

Does authentication_token for simple_token_authentication expire?

ruby-on-rails,api,devise,token,restful-authentication
I have an API feeding mobile apps and I'm using simple_token_authentication for users login and register. The thing is I want to keep the user logged in as long as he doesn't himself close the app or log out. I guess there might be something on devise initializer, but considering...

Simple example of restful web service Python and client basic authentication

python,web-services,tornado,restful-authentication
For study purposes I'd like to know if there is a simple dummy example of how to handle an HTTP request with basic authentication using Python. I'd like to follow the same pattern from an example I've found and adapted, as follows: '''webservice.py''' import tornado.httpserver import tornado.ioloop import tornado.web import...

OAuth2 redirection fails with CORS error

redirect,spring-security,oauth-2.0,cors,restful-authentication
I have a RESTful service which I have secured using Spring Security and pac4j-oauth. An important detail is that Google is acting as the OAuth2 server-- we need the user's Gmail address to know if they are a legal user of our system, and eventually the service will also need...

OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN

spring-security,oauth-2.0,cors,single-page-application,restful-authentication
Our stack uses Backbone as our client-side app and Spring Boot as a RESTful API. We're trying to make basic authentication using OAuth2 with user providing username and password. We use Spring Security for authentication and jQuery $.ajax method for making requests. However the response we get is 401 (unauthorized) status...

Web2py Authentication for Restful service and also application users

web2py,restful-authentication
In web2py we can have restful services as mentioned below, auth.settings.allow_basic_login = True @auth.requires_login() @request.restful() def api(): def GET(s): return 'access granted, you said %s' % s return locals() This service will be called by external system. Now how to define two levels of service usage. One user who can...

AngularJS Successful 401 Intercept Still Throws 401

javascript,angularjs,restful-authentication,http-status-code-401
I have a working Angular interceptor service which redirects to a login page on a 401 response being received from a service call. The issue is that the 401 is still shown as a JavaScript error in the Google Chrome console GET http://domain:port/api/url 401 (Unauthorized) ... angular.js:9658 Is this...

How to use jti claim in a JWT

node.js,rest,express,restful-authentication,jwt
The JWT spec mentions a jti claim which allegedly can be used as a nonce to prevent replay attacks: The jti (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the...