
Authentication using Rest API Correct Behaviour

I am building a REST API and I am in a login dilemma. What should happen on a subsequent login request once I have already logged in and before I sign out?

So to simplify I do this:

  1. 1st Login Request - Response has an auth_token

  2. 2nd Login Request before logging out - what should be the response?

Should it be the same auth_token, or should a new auth_token be generated?

REST should be stateless; there is no "login" or "logout", at least not one that the server tracks. Therefore, nothing should actually happen; the user/client should always authenticate on each request.

This of course does not mean that you cannot cache credentials, but the communication should be stateless nonetheless.

If you are doing HTTP-based authentication, you do not actually have to worry about this; the client will always send authentication information automatically.
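An added example, not part of the original answer: a sketch of the stateless behaviour described above, where every request carries HTTP Basic credentials and the server checks them without keeping any login table. The user store, the `handle` function and all sample values are constructed for illustration, and the transport is assumed to be TLS, since Basic credentials are only base64-encoded.

```python
import base64, hashlib, hmac
from typing import Optional

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample credential store: username -> (salt, PBKDF2 hash).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

def basic_header(user: str, password: str) -> dict:
    """Client side: the header the client attaches to every request."""
    raw = f"{user}:{password}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}

def authenticate(headers: dict) -> Optional[str]:
    """Server side: return the username if this request's credentials verify."""
    scheme, _, payload = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Unknown users still cost one hash, so timing does not reveal valid names.
    salt, expected = USERS.get(user, (_SALT, b"\x00" * 32))
    ok = hmac.compare_digest(_hash(password, salt), expected)
    return user if ok and user in USERS else None

def handle(method: str, path: str, headers: dict):
    """No session is created or looked up; each request stands alone."""
    user = authenticate(headers)
    if user is None:
        return 401, {"WWW-Authenticate": 'Basic realm="api"'}, "authentication required"
    return 200, {}, f"hello {user}"

if __name__ == "__main__":
    hdr = basic_header("alice", "correct horse")
    print(handle("GET", "/items", hdr))   # first request
    print(handle("GET", "/items", hdr))   # repeat: same outcome, nothing to "log out" of
    print(handle("GET", "/items", {}))    # no credentials
```

Because the server keeps nothing between requests, sending the same credentials a second time is just another authenticated request.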
