Restfull authentication : Best pattern for registering a new user

DKA · 2017-03-18 21:52:28

Hi,

I really like the "mORMot secure RESTful authentication".

But how to allow users to create their account and avoid DDOS Attack. In the "mORMot secure RESTful authentication", there is a secret shared between Server and client. But when the user doen't exist (he is creating an account), how to prevent replay attack by a MIM user?

Does something like this already handled by Mormot ?
1 - The user authenticate via OAuth.
2 - The server send a mail with a link (available for 1 hour for example).
3 - The user click the clink and validate his account

Any advice?
Thanks.

ab · 2017-03-19 08:38:41

There is something similar to it in the ddd\user folder of the framework.

DKA · 2017-03-24 16:05:49

Thanks Ab. I checked it, but I'm confused without example.

I will read the doc again and try to fix my problem.

ab · 2017-03-24 17:21:05

Check the regression tests.

mORMot Open Source

#1 2017-03-18 21:52:28

Restfull authentication : Best pattern for registering a new user

#2 2017-03-19 08:38:41

Re: Restfull authentication : Best pattern for registering a new user

#3 2017-03-24 16:05:49

Re: Restfull authentication : Best pattern for registering a new user

#4 2017-03-24 17:21:05

Re: Restfull authentication : Best pattern for registering a new user

Board footer