Due to my complete inability to write secure websites, I'd rather have someone else or something else take care of my Authentication.
Heard Oauth is good and i can assume google authentication would be useful, but main thing is this:
I don't know anything about it.
When you sign into my application using google, does it create a new account on my database? Where does the password go?
What gives me permission to access user's data in my database if I don't have their password to compare it to..
Would I pass the username and password into a rest API which then sends back a True or False depending on if you entered it correctly or not.
If that's the case, won't i have the physical password in order to send it (at least the front end would), I guess you would need to have a javascript function send it to the backend via an ajax request.
Due to my complete inability to write secure websites, I'd rather have someone else or something else take care of my Authentication.
Heard Oauth is good and i can assume google authentication would be useful, but main thing is this: I don't know anything about it.
When you sign into my application using google, does it create a new account on my database? Where does the password go?
What gives me permission to access user's data in my database if I don't have their password to compare it to..
Would I pass the username and password into a rest API which then sends back a True or False depending on if you entered it correctly or not. If that's the case, won't i have the physical password in order to send it (at least the front end would), I guess you would need to have a javascript function send it to the backend via an ajax request.
Someone help.