API based credential checking?

hi all,

I'm designing an app which will have 2 parts;

a (server-side) token request service which has an access token to operate the NB API
a browser based app which will needs to use the NB API, so requires its own access token

I'd like to restrict the usage of the browser app to people with current credentials in my NB site, and potentially tagged in a certain way. Something like this;

user posts credentials (userid, pwd-hash) to my token request service
my service uses the NB API to check the user's credentials (userid, pwd-hash)
if good, the service requests a new access token for the user and returns it to the user's browser ... this is the reply to the request (1)
user's browser app can now operate the API and do something useful.

Is there an API call to support (2) ??

Is this a reasonable pattern?

Nick

Share this post

Showing 3 reactions

How would you tag this suggestion?

Add comment (optional)

Sign in with

Facebook Twitter

Chris Jensen

Chris Jensen commented
I don’t follow – the OAuth does not allow you to identify the specific user, does it?
posted 2016-02-28 02:51:35 -0800
Nick Airey

Nick Airey commented
yes ok; I’ll use OAuth for this.
posted 2015-04-08 19:24:05 -0700
Arion Hardison

Arion Hardison commented
Why not just use OAuth?
posted 2015-04-01 10:12:36 -0700

API based credential checking?

Showing 3 reactions

Sign in with

Or sign in with email

Create an account