Public key can be used across web applications (could be useful if we use same authentication details for Vue and Ionic apps)
Cons
Since the whole process revolves around a single key, if access to this key is compromised your entire system is compromised
Adds complexity that may not be required for the scale of this project
Cannot edit token once it's been given (can't update expire time on a token)
Extra Challenges
Storing the token securely; if it is not, a lot of user information is stored in the token and can be compromised
Transporting it securely
JWT sessions can sometimes be hard to invalidate.
Trusting the client's claim.
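The JWT cons and challenges listed above (a token cannot be edited after issue, sessions are hard to invalidate, the client's claims cannot be trusted on their own, everything rests on one key), shown as an added example that is not part of the original notes. It assumes an HS256 token, a constructed secret and a hypothetical in-memory denylist keyed by a `jti` claim; all helper names are illustrative.

```javascript
// Added illustration: minimal HS256 JWT handling with Node's built-in crypto.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: a real key lives in a secret store
const revoked = new Set();                // hypothetical server-side denylist of token ids (jti)

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const fromB64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString());
const mac = (data, key) => createHmac("sha256", key).update(data).digest();

function sign(claims, key = SECRET) {
  const body = `${b64u({ alg: "HS256", typ: "JWT" })}.${b64u(claims)}`;
  return `${body}.${mac(body, key).toString("base64url")}`;
}

// Returns the claims when the token is acceptable, otherwise a reason string.
function verify(token, nowSec, key = SECRET) {
  const parts = token.split(".");
  if (parts.length !== 3) return "malformed";
  const [h, p, sig] = parts;
  let header, claims;
  try { header = fromB64u(h); claims = fromB64u(p); } catch { return "malformed"; }
  // Pin the algorithm on the server; the token does not get to choose it.
  if (!header || header.alg !== "HS256") return "bad-alg";
  const expected = mac(`${h}.${p}`, key);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  // Claims are read only after the signature checks out; a missing exp counts as expired.
  if (!claims || typeof claims.exp !== "number" || nowSec >= claims.exp) return "expired";
  // Early invalidation needs server-side state: this lookup is the cost of revocation.
  if (revoked.has(claims.jti)) return "revoked";
  return claims;
}

// A holder rewriting exp changes the signed bytes, so the old signature stops matching.
function tamperExpiry(token, newExp) {
  const [h, p, sig] = token.split(".");
  return `${h}.${b64u({ ...fromB64u(p), exp: newExp })}.${sig}`;
}
```

Anyone holding `SECRET` can call `sign` with arbitrary claims and pass `verify`, which is the single-key risk from the cons list; the denylist lookup brings back a per-request check similar to the session approach.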
-OAuth: OAuth allows notifying a resource provider (e.g. Facebook) that the resource owner (e.g. you) grants a third party (e.g. a Facebook Application) permission to access their information.
Pros
Easy and fast for the User to create an account
Using Facebook or Google as resource providers will add security for donors, who will know their transactions go through secure ports.
Cons
Potential donors may have issues with social network sites having information on their browsing habits
Will Innerfaith sanctuary even be okay with implementing something that gives a resource provider information on their traffic?
-Session Variable
Pros
Not a lot of overhead/easy to implement
Cons
User will have to create/register for our website
Database becomes a bottleneck and a thing to maintain - essentially an extra query to be done with every request.
-JSON web token
Pros
Fewer database calls
Not terribly difficult to setup