Reputation: 115
I have 2 Node apps. The first is a simple RESTful CRUD API for MongoDB. The second is a Backbone app with Google OAuth 2 access on the server (for that I use passport.js).
I want to store authenticated users in a MongoDB collection with some additional information, like a role or grantAccess field. The first app must check whether those users have access to the data.
The question is: how can I pass information about the user to my API, and what information do I need to send? Could I send a hashed copy of the OAuth token and then compare it with a hashed field from the DB, or some other information? What is the best approach in this case?
Many thanks.
Upvotes: 0
Views: 374
Reputation: 2221
There are two options:
1. Implement OAuth2 on your server.
2. Store your Google access token in your Backbone app, then on every request send the access token to your RESTful CRUD API. On the server, get the ID of the owner of the access token, query your MongoDB for the user that has that Google ID registered, and get their permissions.
I've used this approach to auth my app (but with Facebook), because you could trust the response of Facebook or Google, I think.
Upvotes: 1
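The second option above, as an added example (not code from the answer): the API resolves the token's owner through Google's tokeninfo endpoint, rejects tokens that were not issued to its own client ID, and then looks the user up in MongoDB. Assumptions: `CLIENT_ID` is a placeholder, the `googleId` and `role` field names are hypothetical (`grantAccess` is from the question), `users` is a collection object exposing `findOne`, and the tokeninfo response includes `sub`.

```javascript
// Added example. CLIENT_ID is a placeholder; googleId/role are assumed field names.
const CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com";

// Pure check of a tokeninfo response: returns the Google user id or null.
function ownerOf(tokenInfo, nowSec = Math.floor(Date.now() / 1000)) {
  if (!tokenInfo || tokenInfo.error || tokenInfo.error_description) return null;
  // A token Google issued to a different app must not be accepted here.
  if (tokenInfo.aud !== CLIENT_ID) return null;
  if (!(Number(tokenInfo.exp) > nowSec)) return null; // expired or malformed
  return typeof tokenInfo.sub === "string" && tokenInfo.sub ? tokenInfo.sub : null;
}

// Permissions come only from the stored user document, never from the client.
function permissionsFor(userDoc) {
  if (!userDoc || userDoc.grantAccess !== true) return null;
  return { googleId: userDoc.googleId, role: userDoc.role };
}

// Asks Google who owns the token (Node 18+ global fetch).
async function googleTokenInfo(token) {
  const r = await fetch("https://oauth2.googleapis.com/tokeninfo?access_token=" +
    encodeURIComponent(token));
  return r.json();
}

// Express-style middleware for the CRUD API.
function requireUser(users, fetchTokenInfo = googleTokenInfo) {
  return async (req, res, next) => {
    const m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
    if (!m) return res.status(401).end();
    let perms;
    try {
      const sub = ownerOf(await fetchTokenInfo(m[1]));
      if (!sub) return res.status(401).end();
      perms = permissionsFor(await users.findOne({ googleId: sub }));
    } catch (err) {
      return res.status(401).end(); // fail closed on network or DB errors
    }
    if (!perms) return res.status(403).end(); // unknown user or access not granted
    req.user = perms;
    next();
  };
}
```

The token is sent in the `Authorization: Bearer` header over HTTPS and is never stored by the API; only the Google ID is kept in the user collection.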