Authentication is the act of one entity proving its identity to another entity. Common examples involve public key cryptography, for example proving that a banking web site actually belongs to the bank you think it does.
Questions tagged [authentication]
421 questions
34
votes
2 answers
Cookie-based vs Session vs Token-based vs Claims-based authentications
I have read about authentications and become confused about types classification.
Let's start from Cookie-based authentication. If I understand it right, the key point is that all data, needed for user authentication, is stored in cookies. And…

Set
- 449
16
votes
3 answers
Web Authentication using PKI Certs
I understand PKI reasonably well from a conceptual point of view - i.e. private keys/public keys - the math behind them, use of hash & encryption to sign a certificate, Digital Signing of Transactions or Documents etc. I have also worked on projects…

user93353
- 441
8
votes
2 answers
Implementation of single authentication point
I am building a series of web apps connected to a single point of authentication. Basically, a user tries to access a site, if not authenticated they are redirected to the central auth system's login page. Once they successfully login, they are…

Rocket04
- 1,076
6
votes
1 answer
How do you get the usernames/passwords onto a STUN or TURN server for long-term credential authentication?
The STUN and TURN specifications allow for client authentication using usernames and passwords, and call this authentication via long-term credentials. In fact, TURN requires that clients authenticate by this means.
However, I would assume that…

Mike Liu
- 123
- 2
- 6
5
votes
2 answers
Sharing Authentication Across Subdomains using cookies
I know that in general cookies themselves are not considered robust enough to store authentication information.
What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to…

Jordan Reiter
- 623
2
votes
2 answers
How can I authenticate/approve a user and still maintain anonymity in a web application?
This is a systems architecture question.
I'm in the process of planning an online platform that will collect people's medical information. Because of the extremely sensitive nature of the data being submitted, I want to ensure complete anonymity.
A…

Andy Hickey
- 29
2
votes
1 answer
User auto account deletion when using OAuth2
Web app users can delete their accounts, they re-enter the password and if it fits, the account and its assets are removed (soft deletion).
They can register using an email (and a password) or using Facebook (hellojs and passport).
The self delete…

Felipe Pereira
- 129
1
vote
2 answers
Why would I want to revoke JWT Tokens?
After researching the differences between OAuth and JWT, I decided to use JWT on my next project for simplicity and performance reasons.
From what I learned until now, and please correct me if I'm wrong, JWT is self contained data, hashed with a…

sigmaxf
- 119
1
vote
2 answers
Authentication at my web site using other credentials
Suppose there are 2 web sites: example.com I don't own and example2.com I own. I want to extend the functionality of example.com somehow.
example.com doesn't have any API. I want the users of example.com to be able to login at example2.com using…

Oskar K.
- 225
1
vote
4 answers
Simple method to authenticate human input into a form for relaying via email to a 3rd party
I put up a webpage advertising a particular birthday party. A simple html page served by apache2 on ubuntu server 12.04. I have a link on the page to a cgi script-Python-that asks the requester to submit text values that will be formatted and…

naftalimich
- 433
0
votes
5 answers
Authentication for an app that only has one user
I'm going to write a blog app for myself, and though I've written authentication for multiple users, it seems heavy handed to use the same kind of architecture for one user.
The only alternatives to having a table/document with one user (myself) for…

bonum_cete
- 111
0
votes
1 answer
What is Federated, Certified Authentication?
I was completing an infosec report and came across this.
Does the APP support end-user authentication? Federated, Certified, other?
I wanted to have some clarification on the terms.
From what I understand
End-user authentication means having…
0
votes
2 answers
How do I resend a confirmation token, if two different people try to register the same email address?
I am designing a REST API that allows users to register and authenticate with an email address and a password. Before being able to authenticate, I want to ensure that the user owns the email address they are using, so I send them a verification…

Chathan Driehuys
- 111
0
votes
1 answer
Identifying how server is authenticating users
I'm trying to build a bot that will parse the list of classes offered by my university and let me know when the one I'm looking for is open. The problem is that in order to get to the registration/search box, I have to log in with my university…

jamzsabb
- 103