用javascript保护REST OAuth的API客户端
[英]Securing REST OAuth's API client in javascript
问题描述
I am currently building a REST API in laravel that is using OAuth to authenticate, In short everything the API is working just as a presistence layer. 
我目前正在使用OAuth进行身份验证的laravel中构建一个REST API,简而言之,所有API都像一个持久层一样工作。
Here is an example of how the request looks like. 这是请求外观的示例。 I am testing it out in terminal thorough curl or an api testing tool 我正在使用终端彻底卷曲或api测试工具进行测试
http://example.com/api/auth_token
// Parameters
grant_type: password
client_id: 12312312
client_secret: 56565567
username: fake@fake.com
password: pass
This returns an access token that is valid for an hour. 这将返回一个小时有效的访问令牌。 And then this token has to be used for the actual request. 然后,此令牌必须用于实际请求。
Now i want to use this api on a frontend framework like angular, jquery or simple javascript, but if i do that i would be exposing the user credientials, right? 现在我想在诸如angular,jquery或简单的javascript之类的前端框架上使用此api,但是如果我这样做,我将暴露用户凭证,对吗? because there is no way to secure this in javascript. 因为没有办法用javascript保护它。
I know there has to be a way because this a very common way of how nowadays RESTFULL system work. 我知道必须有一种方法,因为这是当今RESTFULL系统工作方式的一种非常常见的方法。 Anyone aware of how its done? 有人知道它是怎么做的吗?
1 个解决方案
解决方案1
0 2015-08-06 13:46:43
Make a HeaderToken which is being passed on every request. 制作一个HeaderToken,该令牌将在每个请求中传递。 Refer this one http://devcenter.kinvey.com/rest/guides/security 请参阅此http://devcenter.kinvey.com/rest/guides/security
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.