1

I want to create a responsive website that will work on all devices. The front end is HTML/CSS/JS, and I am going to create a bunch of APIs which will interact with the database and do all the business logic and data fetching required.

I want to implement OAuth for the front end's communication with my REST APIs. Why? I potentially see a need for more external parties to access my REST APIs in the future.

How can I do this without MVC or session? Without MVC, I suppose I might end up storing the site key, secret and auth ID in a cookie. How dangerous is it? Please let me know.

Thanks in advance.

1
  • I am just thinking out loud. I do not want to choose the MVC/HTTPSession path without thinking. Can I store the key, secret etc. in browser memory or something in a secure way? Commented Aug 21, 2013 at 19:47

1 Answer

1

How can I do this without MVC or session?

Since you don't want to use a server-side MVC as a middle layer between your client side and your API endpoints, you're going to be building your application in JavaScript. In that case, do use an MV* framework to structure your data / events relationships to the API and page.

In terms of using OAuth, what you're going to need to do is use or write a JavaScript library for OAuth, and there are plenty of discussions about that. Here's one: application that uses OAuth and javascript.

Because you won't be using a middle layer, you won't be touching session either, and typically that means you're going to make some special key and hash it and store it as a cookie, thus giving every client a stateless connection to the API.

How dangerous is it?

It is common practice, but you must salt and hash that key, otherwise the key will not be secure enough.


1 Comment

Thanks Kristian. "It is common practice, but you must salt and hash that key, otherwise the key will not be secure enough." Can you give me some reference?
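One reading of the stateless "hash a key and store it as a cookie" approach discussed above, as an added example that is not from the original post: the API server issues an expiring token carrying a random per-token salt and an HMAC tag computed with a server-only key, so the site secret itself never reaches the browser. The function names, payload fields and the `api_token` cookie name are assumptions made for illustration.

```javascript
// Added example, not code from the original thread. All names are hypothetical.
const nodeCrypto = require("node:crypto");

// Server-only signing key; it stays on the API server and is never sent out.
const SERVER_KEY = nodeCrypto.randomBytes(32);

const b64url = (data) => Buffer.from(data).toString("base64url");

// Keyed hash (HMAC-SHA256) over the encoded payload.
function sign(body, key) {
  return nodeCrypto.createHmac("sha256", key).update(body).digest();
}

// Token = base64url(payload) + "." + base64url(HMAC tag).
// The payload holds the user id, an expiry and a random per-token salt.
function issueToken(userId, ttlSeconds, key = SERVER_KEY, now = Date.now()) {
  const payload = {
    sub: userId,
    exp: Math.floor(now / 1000) + ttlSeconds,
    salt: b64url(nodeCrypto.randomBytes(16)),
  };
  const body = b64url(JSON.stringify(payload));
  return `${body}.${b64url(sign(body, key))}`;
}

// Check the tag in constant time first, then the expiry.
// Returns the payload on success and null on any failure.
function verifyToken(token, key = SERVER_KEY, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [body, tag] = parts;
  const expected = sign(body, key);
  const given = Buffer.from(tag, "base64url");
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (typeof payload.exp !== "number" || payload.exp * 1000 <= now) return null;
  return payload;
}

// HttpOnly keeps page script from reading the token, Secure restricts it
// to HTTPS, and SameSite=Strict stops it being sent on cross-site requests.
function sessionCookie(token, ttlSeconds) {
  return `api_token=${token}; Max-Age=${ttlSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}
```

Because the server recomputes the tag on every request, it needs no session store, and a cookie edited in the browser fails verification.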
