OAuth For HTTP and REST API Authentication

November 24th, 2014

Authentication verifies that users really are who they claim to be. Since its inception, HTTP(S) has used different approaches such as Basic authentication and form-based authentication. Both require passing the user name and password from the client to the server. It's definitely not a good idea to use plain HTTP for this, because the password is passed as is or with very limited encoding such as Base64, so it is very easy to intercept the IP packets and extract the password. When HTTPS is used, it's much harder to get the password because all the traffic is encrypted. Still, it's subject to attacks like man-in-the-middle.
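To make the Base64 point concrete, here is an added example (not code from the original post) of an audit check that scans cleartext HTTP requests for Basic credentials and reports them in redacted form. The function names, the `example.test` host and the sample requests are constructed for illustration.

```python
import base64
import binascii


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, else None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # Base64 is an encoding, not encryption: no key is needed to reverse it.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token, nothing recoverable
    user, sep, password = decoded.partition(":")  # only the first colon separates
    return (user, password) if sep else None


def find_exposed_basic_auth(raw_request):
    """Scan one cleartext HTTP request; return a redacted finding or None."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            creds = parse_basic_header(value)
            if creds:
                # Report the fact of exposure without logging the secret itself.
                return {"request": lines[0], "user": creds[0],
                        "password_length": len(creds[1])}
    return None


def make_request(path, auth):
    # Constructed sample request (hypothetical host and paths).
    return f"GET {path} HTTP/1.1\r\nHost: example.test\r\nAuthorization: {auth}\r\n\r\n"


# Constructed capture: valid Basic, a Bearer token, and a malformed Basic token.
SAMPLE_REQUESTS = [
    make_request("/api/orders", "Basic " + base64.b64encode(b"alice:s3cr3t:with:colons").decode()),
    make_request("/api/health", "Bearer abc.def.ghi"),
    make_request("/api/orders", "Basic !!!not-base64!!!"),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(find_exposed_basic_auth(req))
```

Only the first request produces a finding; the Bearer request and the malformed token are skipped.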

Categories: Software Development