Questions tagged [authentication]
Authentication is the act of one entity proving its identity to another entity. Common examples involve public key cryptography. For example, proving that a banking web site actually belongs to the bank you think it does.
438 questions
1
vote
1
answer
215
views
Prevent unregistered users from accessing the system using JWT?
I am working on an identity and users service in a microservices system for which a passwordless, SMS-based authentication is a hard requirement, i.e.
User enters their phone number
System sends the ...
- 227
6
votes
2
answers
1k
views
How dangerous is storing sensitive information in LocalStorage?
Since I started studying security in web applications, it seems that everyone always says to never store sensitive information (e.g., refresh tokens, access tokens, and so on) due to the risk of ...
- 165
3
votes
4
answers
418
views
Does possession of a valid JWT automatically imply the user is authenticated?
I am tasked with implementing authentication and authorization in a distributed environment, so I plan to use JWT.
I get how authorization works with JWT - if the token is not expired, and the ...
- 227
4
votes
3
answers
228
views
Achieving Multitenancy with an External Identity Provider
We are designing a backend system for a large platform where users can interact with multiple products on behalf of different companies.
We plan to use Keycloak as an external identity provider. The ...
- 165
2
votes
3
answers
426
views
Handling authorization and authentication with an API gateway
Recently, I’ve found myself designing a microservices system, and I’m currently facing some challenges with authentication and authorization.
Context
All my microservices will be placed behind an API ...
- 165
2
votes
0
answers
163
views
Invalidate session for user in authentication
when user login in my web application (Article Website) I'm using Redis to cache the refresh token. So when user login I will generate refresh token and send it to him. While caching in my Redis the ...
- 21
1
vote
1
answer
104
views
What type of authentication/identification is needed?
The specs:
Mobile apps
LLM wrapper (of e.g. OpenAI API)
The chat history will be stored on the client
Backend is needed to manage the api key and to track token consumption / payment (how many tokens ...
- 391
0
votes
2
answers
109
views
Using unique attributes for user login
Suppose a user can have multiple emails. A given email may be held by at most one user.
Is email a good pick for login purposes (so that it's used instead of the username)? Should an authentication ...
- 2,030
1
vote
2
answers
269
views
API supporting multiple authentication providers?
I am currently looking at building an API server that will support multiple authentication providers (Google, GitHub, Keycloak, etc) and I am trying to work out what’s a good way to go about it. Two ...
- 119
3
votes
1
answer
128
views
Is there a context in oAuth, reusable in the callback?
I am developing a home-grade web application (server-client, based on Nuxt and nuxt-auth-utils). I am using the opportunity to learn something about oAuth (and OpenID).
One of the issues I face is ...
- 1,661
3
votes
2
answers
512
views
Why do I need an authorisation server if my micro services can validate JWTs directly?
I'm working on a Spring-based micro service project and considering different approaches for handling authentication and authorization. Instead of setting up a dedicated authorization server, I'm ...
- 59
-1
votes
1
answer
190
views
Which authentication method to use?
I have a REST API with protected endpoints, which require an AccessToken for access. For the user to receive the AccessToken, they need to access the login endpoint and with the correct credentials (...
- 11
4
votes
1
answer
180
views
Next Auth Flow For Use with Ruby on Rails API
I plan to have a frontend web app written with Next.js using the AuthJS library to provide user authentication using Oauth. This frontend application depends on a backend API. I want to make sure my ...
- 149
0
votes
1
answer
121
views
Database structure for two-step registration flow
I'm trying to design a database for supporting a multi-step registration flow. The registration flow goes like this: the user logs in via OAuth (which creates a session and user), then they're asked ...
- 123
0
votes
0
answers
104
views
Edge Case For Cookie Based Token Management
I have a React frontend and a Nodejs backend that uses authentication via an OIDC service provider. After a user goes through the SSO authentication flow I store the token (containing a refresh token ...
- 9