堆栈内存溢出
  简体   繁体   English

JavaScript 应用程序到 Symfony API 其余身份验证

[英]JavaScript app to Symfony API rest authentication

 原文  2017-08-28 14:31:46       javascript/ php/ ajax/ symfony/ authentication

问题描述

I already Googled that, but I didn't found any answer that satisfy me, maybe because it's impossible.我已经用谷歌搜索过了,但我没有找到任何让我满意的答案,也许是因为这是不可能的。

I want to know if I can authenticate a website directly from JavaScript to a Symfony API rest.我想知道我是否可以直接从 JavaScript 验证网站到 Symfony API rest。 My goal is to create a script in JavaScript, which make ajax requests to the API (the API accepts cross origin requests) and get some data in the response, but the website(s) needs to authenticate with the API to get this data.我的目标是在 JavaScript 中创建一个脚本,它向 API 发出 ajax 请求(API 接受跨源请求)并在响应中获取一些数据,但网站需要通过 API 进行身份验证才能获取这些数据。

I can certainly use JSON web tokens or OAuth to make the website authenticate as a user, but in this case I need to have some script on the server side of the website and call it from ajax to get the website authenticate and return the token in the response.我当然可以使用 JSON Web 令牌或 OAuth 使网站以用户身份进行身份验证,但在这种情况下,我需要在网站的服务器端使用一些脚本并从 ajax 调用它以使网站进行身份验证并返回令牌响应。 I don't want to store anything on the website, only put my script tag in the html, to facilitate the installation of the service(it's a widget) for webmasters.我不想在网站上存储任何内容,只将我的脚本标签放在 html 中,以方便网站管理员安装服务(它是一个小部件)。

I also know that I can do that with referrer authentication, but I will avoid that, everyone can change referrer in the request headers.我也知道我可以通过引用身份验证来做到这一点,但我会避免这种情况,每个人都可以在请求标头中更改引用。 I can also put an apikey in the link of the script <script src="mydomain.com/myjs.js?apikey=MY_API_KEY"> but everyone can access the apikey and use it from everywhere.我还可以在脚本的链接中放置一个 apikey <script src="mydomain.com/myjs.js?apikey=MY_API_KEY">但每个人都可以访问 apikey 并从任何地方使用它。

Is there a way to do that safely?有没有办法安全地做到这一点?

1 个解决方案

解决方案1
 0  2017-08-29 06:29:36

After some research I think the only solution is what I already done, apikey-referrer authentication:经过一些研究,我认为唯一的解决方案是我已经完成的 apikey-referrer 身份验证:

How to keep API keys secret when using client side Javascript? 使用客户端 Javascript 时如何保密 API 密钥?

How does Google Maps secure their API Key? Google 地图如何保护其 API 密钥? How to make something similar? 如何制作类似的东西?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 部署Symfony2后端REST API和前端SPA javascript应用 - Deploying a Symfony2 back-end REST API and a front-end SPA javascript app 匿名JavaScript客户端中的REST API身份验证 - REST API authentication in anonymous JavaScript client 来自浏览器中Javascript的REST API身份验证 - REST API Authentication from Javascript in the browser REST API:安全处理Java SPA中的身份验证 - REST API: Securely Handle Authentication in a Javascript SPA JavaScript客户端对REST API的授权和身份验证 - Authorization and Authentication to REST API from JavaScript Client 使用JavaScript Rest API或jquery的Sharepoint身份验证 - Sharepoint authentication using javascript Rest api or jquery 如何在JavaScript中使用JIRA REST API进行基本身份验证? - How to use Basic Authentication with JIRA REST API in JavaScript? 如何在javascript的REST API调用中进行http身份验证 - How to make http authentication in REST API call from javascript 前端应用程序和另一个后端服务使用的REST API的身份验证方法 - Authentication approach for REST API used by frontend app and another backend service 使用REST API的Twitter身份验证 - Twitter Authentication with REST API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM