Sequence for authentication on a decoupled client?

Posted by A T on Programmers See other posts from Programmers or by A T
Published on 2012-06-15T18:21:25Z Indexed on 2012/06/15 21:24 UTC
Read the original article Hit count: 380

Using a sequence diagram and example code could you explain to me how authentication works when the client is completely separated from the server?

I.e.: you haven't generated any of the client using a server-side template engine, rather you are communicating using REST (SOAP xor HTTP) xor RPC (XML xor JSON) with javascript on the client-side.

Specifically I would like to know the sequence of:

  1. Authenticating using basic auth (user+pass) with "my" server
  2. Authenticating using OAuth2, e.g.: with Facebook, with facebook's server then whatever extra steps are needed for "my" server

And how it could be implemented. (feel free to use psuedo-code [like below] or [preferably] prototyped simply using BackboneJS, AngularJS, EmberJS, BatmanJS, AgilityJS, SammyJS xor ActiveJS.

if cookie.status in [Expired, Tampered, Wrong IP, Invalid, Not Found]:
    try auth(user,pass):
        if user is in my db:
            try authenticate(user,pass)
                if successful:
                    login user # give session-cookie here?
                else: present user with "auth failed" msg
        else if user not in db:
            redirect to "edit-profile" page

PS: I have written an example (editable) auth sequence diagram; based on facebooks' documentation.

© Programmers or respective owner

Related posts about JavaScript

Related posts about authentication