Reputation: 76
I have been through various blogs explaining the use of Tokens for authentication. But none of the sites have explained how the token authentication works at the REST service side. For example: I have a token T1 which is given to my app by the authentication server. I will send this T1 with my request for REST service S1. So how will S1 come to know that T1 is from an authenticated client? And does the request for REST services go through the authentication server every time?
Upvotes: 1
Views: 56
Reputation: 21923
I have a token T1 which is given to my app by the authentication server. I will send this T1 with my request for REST service S1. So how will S1 come to know that T1 is from an authenticated client?
This depends on the implementation of your authentication mechanism on the server side. If you use OAuth, for example, it will be based on a client_id and client_secret specified on the client side.
And does the request for REST services go through the authentication server every time?
Yes, REST Services are supposed to be Stateless, so for each and every request some authentication logic is executed to verify the Token (OAuth, Custom, etc.) is a valid one. It may not be the complete flow of going to the authentication server and coming back, but there is some logic based on your security implementation.
Upvotes: 1
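One way S1 can check T1 on every request without contacting the authentication server, shown as an added example that is not part of the original posts. It assumes the authentication server and S1 share an HMAC key; the token layout, key and function names are constructed for illustration and are not OAuth's wire format.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: the auth server and S1 were given this key out of band (constructed value).
SHARED_KEY = b"constructed-demo-key"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body):
    return hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()

def issue_token(subject, ttl, now=None):
    """Authentication server: sign the claims and hand T1 to the client."""
    now = time.time() if now is None else now
    body = b64e(json.dumps({"sub": subject, "exp": int(now) + ttl}).encode())
    return body + "." + b64e(sign(body))

def verify_token(token, now=None):
    """REST service S1: runs on every request. Returns the claims, or None if rejected."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Constant-time comparison: only the key holder could have produced sig.
        if not hmac.compare_digest(sign(body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
            return None
    except (ValueError, TypeError):
        return None  # malformed token: wrong part count, bad base64, bad JSON
    if claims["exp"] <= now:
        return None  # expired: the client must go back to the auth server
    return claims

if __name__ == "__main__":
    t1 = issue_token("app-client", ttl=60)
    print(verify_token(t1))        # claims accepted by S1
    print(verify_token(t1 + "x"))  # altered signature -> None
```

A token verified this way stays valid until it expires, so revoking it early needs a separate check on S1 or a call back to the authentication server.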