Authentication between client-side JavaScript appl

2019-05-11 04:39发布

问题:

I have built some server-side APIs work through HTTP, for my client-side applications only. So, is it possible to authenticate applications between client-side and server-side; and how to?

回答1:

There are two options:

  1. Sessions
  2. HTTP authentication

The idea behind session is that the server sends a hard to guess value to the client and the client subsequently passes that value back to the server on each request. That way, the server knows from which client the request likely comes from and can keep track of whether the client has authenticated itself with the server (e.g. by having provided username and password on an earlier request).

HTTP authentication relies on the client passing authentication credentials (usually username and password) in the request header to the server with every request. This is usually initiated by the server sending a 401 Unauthorized response, which usually leads to the client prompting the user for a username and password. These information are then passed to the server, validated and (upon success) answered with the usual 200 Found.