Reputation: 3875
Should I use OAuth/OAuth2 for SOA type web services?
My company is making a product where we have both a front and backend. The backend essentially provides all the brains as far as user information. The front end is something that will be displayed to the user (obviously), but if may have different front end implementations (including our own reference implementation).
My company wants to use OAuth to validate the user login information. I've looked into OAuth a bit and it seems that OAuth 1 would require the user to post a key into the front end app. Does that at all sound right? It seems a little contrived to me because all the data resides on the backend. We really just want to verify that the front end is from a legit 3rd party. Is OAuth overkill for that? Would OAuth 2 be a better fit?
Keep in mind in working with Ruby on Rails and so I'm not sure how great the OAuth2 gemsets are.
Thanks
Upvotes: 0
Views: 883
Answers (1)
Reputation: 25929
OAuth might be an overkill if you are only using it internally. However since you're implementation would just be a reference design and you expect 3rd parties to connect it seems a good decision to rely on a standard.
As ruby implementations goes - you probably want to look at oauth-plugin (on the rails side) and oauth2 (client) gems
Upvotes: 2
Related Questions
- Service to Service authentication , service identity and access rights management
- Is OAuth 2.0 the proper tool for securing access to web service?
- Is OAuth good choice for RESTful API in this SaaS scenario?
- SOA - Authentication Service design
- Is OAuth overkill in this situation?
- Building an API with/without OAuth and OpenID
- Implementing oauth in a Rails app: one user model or two (user + authentication)?
- Rails, oauth vs oauth2
- advice on ruby rails authentication approach using web service for authentication and session management
- Using OAuth as Rails webapp API authentication?