Are there any solutions to implement REST authentications for clients using only JavaScript? JavaScript code is always readable by anyone. I read many posts about REST authentication here, but didn't find any answers.
Asked
Active
Viewed 1,191 times
1
Paul Sweatte
- 22,871
- 7
- 116
- 244
Snoopy
- 11
- 2
-
The only solution I think is a (API)-Key or something. But how do I make sure that the Key only works for a specified domain? One line in the hosts file and I would bypass this check if it based on Javascript. – Snoopy Nov 04 '09 at 08:08
-
Do you mean creating an authentication mechanism wherein a user can enter their own credentials, and then a JS function on the page will authenticate using XHR, and not by having the page navigate to a different resource? – Avi Flax Jan 07 '10 at 15:21
-
API-key solution for public facing APIs is useful because although you can change your hosts file and allow you to use someone elses API-key, the other 99% of users on the internet are not going to do that. So in order to make yours (or anyone else's) site usable, you'd just obtain an API-key via the provided channels. Since everyone will be legitimately using API-keys, if anyone starts to abuse their access, their key is revoked. – jpillora Feb 13 '13 at 05:08
1 Answers
0
There is a related question which details how to do BASIC authentication in JavaScript with jQuery's AJAX methods.
Community
- 1
- 1
Paul Sweatte
- 22,871
- 7
- 116
- 244