How to share cookies cross origin? More specifically, how to use the Set-Cookie header in combination with the header Access-Control-Allow-Origin? Here’s an explanation of my situation: I am attempting to set a cookie for an API that is running on localhost:4000 in a web app that is hosted on localhost:3000. It seems I’m receiving the … Read more
Overview I’m looking to create a (REST) API for my application. The initial/primary purpose will be for consumption by mobile apps (iPhone, Android, Symbian, etc). I’ve been looking into different mechanisms for authentication and authorization for web-based APIs (by studying other implementations). I’ve got my head wrapped around most of the fundamental concepts but am … Read more
I have a program that integrates with the YouTube Live Streaming API. It runs on timers, so its been relatively easy for me to program in to fetch a new Access Token every 50 minutes with a Refresh Token. My question is, why? When I authenticated with YouTube, it gave me a Refresh Token. I … Read more
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations. Closed 2 years ago. Improve this question For those building RESTful APIs and … Read more
What is the difference between token authentication and authentication using cookies? I am trying to implement the Ember Auth Rails Demo but I do not understand the reasons behind using token authentication as described in the Ember Auth FAQ on the question “Why token authentication?” 9 Answers 9
I have been reading about OAuth and it keeps talking about endpoints. What is exactly an endpoint? 10 Answers 10
I’d like to know how to get Subversion to change the name that my changes appear under. I’m just starting to use Subversion. I’m currently using it to version control code on an XP laptop where I’m always logged in under my wife’s name. I’d like the subversion DB to show the changes under my … Read more
Can someone give me a step by step description of how cookie based authentication works? I’ve never done anything involving either authentication or cookies. What does the browser need to do? What does the server need to do? In what order? How do we keep things secure? I’ve been reading about different types of authentication … Read more
I am trying to implement stateless authentication with JWT for my RESTful APIs. AFAIK, JWT is basically an encrypted string passed as HTTP headers during a REST call. But what if there’s an eavesdropper who see the request and steals the token? Then he will be able to fake request with my identity? Actually, this … Read more
Are there any existing user authentication libraries for node.js? In particular I’m looking for something that can do password authentication for a user (using a custom backend auth DB), and associate that user with a session. Before I wrote an auth library, I figured I would see if folks knew of existing libraries. Couldn’t find … Read more
