mORMot Open Source

ab

Administrator

From: France

Registered: 2010-06-21

Posts: 14,660

Website

How to implement RESTful authentication

Comments/feedback from http://blog.synopse.info/post/2011/05/2 … entication

Commonly, it can be achieved, in the SOA over HTTP world via:
- HTTP basic auth over HTTPS;
- Cookies and session management;
- Query Authentication with additional signature parameters.

We'll have to adapt, or even better mix those techniques, to match our framework architecture at best.

Each authentication scheme has its own PROs and CONs, depending on the purpose of your security policy and software architecture.

What do you think about our implementation?

In particular, what about our Session handling and Query Authentication methods?

I've updated the framework documentation.
A security dedicated part has been added in the SAD.
See http://synopse.info/forum/viewtopic.php?id=55 for the download link (link is always the same - sampledoc.zip content is just replaced by a newer version).

ab

Administrator

From: France

Registered: 2010-06-21

Posts: 14,660

Website

Re: How to implement RESTful authentication

There is a very interesting attempt to implement the authentication workflow as detailed in the SAD in pure Javascript.

See http://synopse.info/forum/viewtopic.php?id=490

It is still a work in progress, and I'll probably rely on pure-pascal implementation using such an Object-Pascal-to-Javascript compiler like http://delphitools.info/tag/javascript

ab

Administrator

From: France

Registered: 2010-06-21

Posts: 14,660

Website

Re: How to implement RESTful authentication

This video may help understand the authentication process of mORMot, in an AJAX context:
http://www.youtube.com/watch?v=LIl1HbjxnIA

See also http://blog.synopse.info/post/2013/04/0 … Mot-server