Adding authentication functionality to API

[javuto]

We need a method to authenticate against the API, instead of leaving all open. No need to get ourselves into trouble implementing OAuth. This is a good example of what we need: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/

[jesusprubio]

I agree, implementing OAuth is a hell. I've been using for a long time the most common module to achieve this (https://github.com/ciaranj/node-oauth) and If I had to choose for sure I prefer OAuth 2.0 (security and ease). So I also think It's better to find a simpler solution, at least at this phase of the project. But I think that this guy finally is implementing "his own OAuth". To resume, the options:

• The post commented by @javuto. As I said I like it but I'm not sure if it's simpler that using an OAuth library.
• Passport: Too much for our project, moreover it's designed to work with Express
  • http://scottksmith.com/blog/2014/05/29/beer-locker-building-a-restful-api-with-node-passport/
  • http://scottksmith.com/blog/2014/09/18/beer-locker-building-a-restful-api-with-node-username-and-password/
• Digest: I come from the VoIP world in which digest is the standard and I hate it. Moreover it's neither easy to implement.
  • http://scottksmith.com/blog/2014/09/14/beer-locker-building-a-restful-api-with-node-digest/
• OAuth: Not simple at all and OAuth 2 implementations are not too much serious for now:
  • http://scottksmith.com/blog/2014/07/02/beer-locker-building-a-restful-api-with-node-oauth2-server/

As you can see I still have not clear my opinion about this issue xD