Open javuto opened 9 years ago
I agree, implementing OAuth is a hell. I've been using for a long time the most common module to achieve this (https://github.com/ciaranj/node-oauth) and If I had to choose for sure I prefer OAuth 2.0 (security and ease). So I also think It's better to find a simpler solution, at least at this phase of the project. But I think that this guy finally is implementing "his own OAuth". To resume, the options:
As you can see I still have not clear my opinion about this issue xD
We need a method to authenticate against the API, instead of leaving all open. No need to get ourselves into trouble implementing OAuth. This is a good example of what we need: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/