hyperoslo / api-playbook

A place to define the conventions we use to build APIs

Authentication #3

Closed fespinoza closed 7 years ago

fespinoza commented 9 years ago

A proposal of how authentication should work for Hyper's APIs.

jgorset commented 9 years ago

What's the rationale behind preferring Bearer to Basic for applications with multiple users? Just that it doesn't expose the username and password in plain text, or is there another reason (or many) that I'm missing?

sindrenm commented 9 years ago

I prefer the token-based approach using JWT. It allows storing the token in LocalStorage, and only authenticating once, not on every request.

fespinoza commented 9 years ago

You can have HTTP Basic auth with multiple users, but for flexibility (for example allowing users to sign in using username instead of email).

And @sindrenm, that is the idea, at least with Authorization: Bearer TOKEN: authenticate once, then send the token via the Authorization header in every request, unless I am using the header wrong.
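
An added example, not code from hyperoslo/api-playbook or from anyone in this thread, showing the two schemes discussed above as they appear in the Authorization header, and a minimal HS256 JWT mint/verify pair for the authenticate-once, send-the-token-on-every-request flow. The signing key, claims and credentials are constructed for illustration; Python standard library only.

```python
"""Added example (not from hyperoslo/api-playbook): Basic vs Bearer on the wire,
and a minimal HS256 JWT for "authenticate once, then send the token every request".
Standard library only; key, claims and credentials below are made up."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"example-signing-key-not-for-production"  # assumption: server-side HMAC key


def parse_authorization(header_value):
    """Split an Authorization header into (scheme, credentials).

    Basic credentials are just base64("user:password"), so anyone who sees the
    header recovers both; Bearer credentials are a token that stands on its own.
    """
    scheme, _, credentials = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        user, _, password = base64.b64decode(credentials).decode("utf-8").partition(":")
        return "basic", {"username": user, "password": password}
    if scheme == "bearer":
        return "bearer", {"token": credentials}
    raise ValueError("unsupported Authorization scheme: %r" % scheme)


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims, secret=SECRET, ttl_seconds=3600, now=None):
    """Issue an HS256 JWT once, after the user has proven who they are."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token, secret=SECRET, now=None):
    """Return the claims if the token is well-formed, HS256-signed with `secret`
    and unexpired; otherwise None. The algorithm is pinned so a token that
    announces alg=none (or anything else) is rejected rather than trusted."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                            hashlib.sha256).digest()
        # constant-time compare: a plain == leaks how many signature bytes matched
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if claims["exp"] <= now:
        return None
    return claims


def authenticate_request(headers, secret=SECRET, now=None):
    """Server side of the per-request check: only a verifying Bearer token passes."""
    try:
        scheme, creds = parse_authorization(headers.get("Authorization", ""))
    except ValueError:
        return None
    if scheme != "bearer":
        return None
    return verify_jwt(creds["token"], secret, now)


if __name__ == "__main__":
    # Constructed inputs: a Basic header and a token minted at a fixed time.
    print(parse_authorization("Basic " + base64.b64encode(b"alice:hunter2").decode()))
    tok = mint_jwt({"sub": "alice"}, now=1700000000)
    print(authenticate_request({"Authorization": "Bearer " + tok}, now=1700000010))
    print(authenticate_request({"Authorization": "Bearer " + tok}, now=1700003601))
```

Running it prints the recovered Basic username and password, the verified claims for a fresh token, and None once the same token is past its exp. The token is a bearer credential, so wherever the client keeps it (LocalStorage included) anything that can read that storage can replay it until it expires; the short ttl_seconds is what bounds that window.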

sindrenm commented 9 years ago

Nope, this is completely correct, @fespinoza, I was really just answering @jgorset's question. :smiley:

fespinoza commented 7 years ago

Closing because of inactivity.