[英]Verifying/signing that a request to my API came from my app and was not spoofed (React Native)
Is it possible to verify that an API call to my server came from my app and was not spoofed with another HTTP request client or similar?是否可以验证对我的服务器的 API 调用来自我的应用程序,并且没有被另一个 HTTP 请求客户端或类似请求欺骗? I'm using React Native with Node on the back-end, and am using a JWT system for authentication.
我在后端使用带有 Node 的 React Native,并且正在使用 JWT 系统进行身份验证。
Context: certain features are only unlocked for users that the app has detected are at a certain location.上下文:某些功能仅对应用检测到位于特定位置的用户解锁。 The only system I can think of for unlocking these is pretty weak - the front-end sends a request to the server with the user's location, and if the location fits then the features are unlocked.
我能想到的唯一解锁这些功能的系统非常薄弱 - 前端向服务器发送带有用户位置的请求,如果位置合适,则解锁功能。 Obviously this request can be spoofed easily, unless I can sign them in a certain way that is unique to the app and is difficult to reverse-engineer.
显然,这个请求很容易被欺骗,除非我可以以某种应用程序独有的方式对它们进行签名,并且难以进行逆向工程。
Any other approaches would be appreciated (eg detect the user's location from the IP address that the request was sent from?)任何其他方法将不胜感激(例如,从发送请求的 IP 地址检测用户的位置?)
you can use Signing certificates of your organisation.您可以使用您组织的签名证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.