Last post Mar 15, 2018 11:17 AM by mgebhard
Mar 15, 2018 09:27 AM|bluMarmalade|LINK
Hi, I'm not all too familiar with how authentication and authorization work in web APIs. I have successfully implemented this in traditional/monolithic MVC apps.
This is my problem:
I have many standalone apps that do specific tasks, like one is a wiki-like archive, one app is a meeting scheduler, another app is a sort of notification hub etc.
All of these need login and access control, but making that for each one is not practical, so I'm wondering if it is possible to make one app that works as a login platform for these and future apps? Would that be a web API, and must I then build all these other standalone apps, which can be on different servers, into web APIs (allowing for example only traffic from the login platform app)?
What would be the "correct" way of architecting this? I don't know how web API login works, I just figure that this kind of thing must be one of the strengths of using APIs instead of monolithic apps. Of course I need frontends, but I'm just talking about accessing different backends on the same login.
Any help would be much appreciated.
Mar 15, 2018 10:38 AM|Dmitry Sikorsky|LINK
The correct way to fix that is to use SSO (Single sign-on: https://en.wikipedia.org/wiki/Single_sign-on). You should have some trusted identity provider (like Facebook, Google or your own one) which will contain user information for all of your applications. When the user needs access to a restricted part of the application, it (the application) redirects him to the Facebook (for example) login page where he can log in or register.
It works for APIs as well, but usually a GUI is used to sign in the user (like the Facebook login page) because it helps to avoid the need to send the login and password by API to sign in the user.
Mar 15, 2018 11:17 AM|mgebhard|LINK
See the following doc
It explains how to build an Authorization Server using OAuth.
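
The redirect-based sign-in described in the replies above, sketched from the side of one standalone app as an OAuth 2.0 authorization code request with PKCE. This is an added example, not part of the original thread or the linked doc; the login platform URL, client id, callback URL and the `session` dict (standing in for the app's server-side session) are constructed assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders: the shared login platform and one standalone app.
AUTHORIZE_ENDPOINT = "https://login.example.test/oauth/authorize"
CLIENT_ID = "wiki-app"
REDIRECT_URI = "https://wiki.example.test/signin-callback"


def begin_login(session: dict, scope: str = "openid profile") -> str:
    """Build the URL the app redirects the browser to; the app never sees the password."""
    state = secrets.token_urlsafe(32)     # ties the callback to this browser session
    verifier = secrets.token_urlsafe(64)  # PKCE secret, kept server-side (RFC 7636)
    session["oauth_state"], session["pkce_verifier"] = state, verifier
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session: dict, callback_url: str) -> dict:
    """Check the redirect back from the login platform; return the token request fields."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise PermissionError(f"login platform refused: {params['error'][0]}")
    if "code" not in params:
        raise PermissionError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("pkce_verifier"),
    }
```

The returned fields are what the app would POST to the login platform's token endpoint over a server-to-server connection; every standalone app repeats the same two steps with its own client id and callback URL.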