How do I implement an application in which a user can be authenticated either by a third party or by my own application?
-
Hi all, I am about to build an application which will support both Web and Mobile platforms. The back end will be baked with lightweight REST APIs. The REST APIs should be secured by authentication. Users are either authenticated by a third party (e.g. a Facebook or Google account) or by my application itself (this app will provide user sign-up). I have read a bit about HTTP Basic Authentication and OAuth 2 online. Basic Authentication seems to be enough for my app's authentication, while OAuth 2 should work for third-party authentication. Individually, I understand each solution. But when combining the two, I am not so clear about the authentication flow. Can anyone point out what the flow is like? Or give an example? Please correct me if my above statements are wrong. P.S. I am about to use Java, so Play Framework or Spring Framework will likely be used.
-
Answer:
Two great places to start: http://projects.spring.io/spring-social/ http://securesocial.ws
Chris Hall at Quora
Other answers
You have to separate a few things and think about what/how you want to achieve authentication and authorization.

User Interface - Web pages - You have both social authentication and your own. When you use your own authentication, what you are doing is authenticate (verify username and hashed password against your database or whatever repository and framework you are using ... Spring + LDAP) first and then create some form of token and attach that to a cookie/session, etc. (Mostly it's taken care of by the framework, but you get the idea.)

When you use social authentication, after you redirect the user to authenticate against http://Facebook.com they are redirected back to your app. Once you verify/acquire the access token (it's all part of Facebook OAuth integration; they have samples in many languages), you have to follow the second part of "your own authentication", the one I underlined above. If you check the framework you are using, or ask around for that framework whether they support Facebook login, then you know it can be easily integrated, and then you can extend that to provide other 3rd-party logins (Twitter, Google, etc.).

Now comes the REST API. Authenticating the user for a web app is different from accessing the REST API. When you access the REST API, you are doing this behind an app (web app, mobile app, etc.). Yes, you can easily enable Basic Auth, but then you have to not only give away the username and password to every app but also make sure they use it properly (like not storing them in JavaScript and sending the username and password in a REST API call from the browser). So what you need is a way to obtain an OAuth token (or another token/standard) after the user is authenticated and use that token to access the REST API.

If I understand it correctly, you are not looking to expose your API to 3rd parties, but rather you want to allow 3rd-party sign-in (social auth), and after that the user should be able to access the UI or REST API. You can implement OAuth if it's supported by the framework, or your own token-based system. See my other answer on difference between OAuth and Non authn - Good luck.
Sitaraman Lakshminarayanan
You can check this blog, in which the author (https://scotch.io/author/chris, https://twitter.com/sevilayha) explains JSON Web Tokens (JWT). They are a standard way of implementing authentication. Here is the link: https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
Chandan Gopalakrishna
You can use JSON Web Tokens for authentication. http://techarena51.com/index.php/json-web-token-authentication-with-flask-and-angularjs/
Leonard Gonsalves
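The flow the answers above describe, as an added example (not code from any of the answerers): a local password login and a social login both end in the same step, issuing the application's own HS256-signed JWT, and the REST API accepts only that token. The in-memory stores, the sample accounts and the `PROVIDER_TOKENS` lookup that stands in for validating the provider's access token with Facebook or Google are constructed assumptions.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)   # server-side signing key; never leaves the back end
TOKEN_TTL = 900           # token lifetime in seconds (assumed value)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample data: one local account and one linked social identity.
_SALT = os.urandom(16)
LOCAL_USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
SOCIAL_LINKS = {("google", "g-1001"): "bob"}
# Hypothetical stand-in for asking the provider whether an access token is valid.
PROVIDER_TOKENS = {("google", "sample-provider-token"): "g-1001"}

def issue_token(user, now=None):
    """Common last step of both login paths: mint the app's own signed token."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": now + TOKEN_TTL}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def login_local(username, password):
    # Unknown users get a dummy salt so the hash is still computed.
    salt, stored = LOCAL_USERS.get(username, (b"\0" * 16, b""))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return issue_token(username) if ok else None

def login_social(provider, provider_token):
    provider_uid = PROVIDER_TOKENS.get((provider, provider_token))
    user = SOCIAL_LINKS.get((provider, provider_uid))
    return issue_token(user) if user else None

def authenticate_api_request(token, now=None):
    """Return the user for a valid bearer token, else None."""
    try:
        header, body, sig = token.split(".")
        # The header's alg is never consulted: verification is always HS256.
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, AttributeError):
        return None
    now = time.time() if now is None else now
    return claims["sub"] if claims.get("exp", 0) > now else None
```

The client sends only the issued token on each API call, so the password and the provider's access token are handled once at login and never stored in the web or mobile app.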