How to request access token from server, only via frontend in a secure way, without human interaction?

Navigation
1

Good people.

I caught it here: I have an application on the frontend of a server, which needs to communicate with a Rest API on another server, without the client having to log in. The app that will request or send whatever it takes to authenticate. This API generates tokens for authorization. how to request the token securely, via frontend and securely store it as well? Thank you for your attention.

    
asked by anonymous 13.12.2016 / 15:27

1 answer

1
  

I have an application on the frontend of a server, which needs to communicate with a Rest API on another server, without the client having to log in.

I'm assuming you mean that on a S server you have a web application WA , consisting of both a backend and a front-end .

  

The app that will request or send whatever it takes to authenticate.

By app, I understand the backend part of the web application.

  

This API generates tokens for authorization. how to securely request the token, via the frontend and securely store it too?

If you want security, never manage tokens on the client side - in fact, never trust client-side integrity. Suggested implementation:

  • Keep application credentials (secret key, application ID, etc.) in the backend exclusively.
  • If the user of the WA application needs remote REST API custom content, get the remote credentials and store them in the back-end (eg User U1 , remote token% with%).
  • Your web application should relay calls only to your own back-end ; if you need remote REST API content, make a connection from the back-end .
15.12.2016 / 16:47
Return the maximum sum value of the collection with MongoDB Random ads with viewer counter