Sequence for authentication on a decoupled client?
Posted by A T on Programmers
Published on 2012-06-15T18:21:25Z
Indexed on 2012/06/15 21:24 UTC
Using a sequence diagram and example code, could you explain to me how authentication works when the client is completely separated from the server?
I.e.: you haven't generated any of the client using a server-side template engine; rather, you are communicating using REST (SOAP xor HTTP) xor RPC (XML xor JSON) with JavaScript on the client side.
Specifically I would like to know the sequence of:
- Authenticating using basic auth (user+pass) with "my" server
- Authenticating using OAuth2, e.g.: with Facebook, with Facebook's server, then whatever extra steps are needed for "my" server
And how it could be implemented (feel free to use pseudo-code [like below] or [preferably] prototyped simply using BackboneJS, AngularJS, EmberJS, BatmanJS, AgilityJS, SammyJS xor ActiveJS).

    if cookie.status in [Expired, Tampered, Wrong IP, Invalid, Not Found]:
        try auth(user,pass):
            if user is in my db:
                try authenticate(user,pass)
                    if successful:
                        login user # give session-cookie here?
                    else: present user with "auth failed" msg
            else if user not in db:
                redirect to "edit-profile" page

PS: I have written an example (editable) auth sequence diagram, based on Facebook's documentation.
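
An added example, not part of the original post: the server-side half of the user+pass flow from the pseudo-code, in Python, with each cookie status it lists checked against an HMAC-signed session cookie. The cookie layout, the names `issue_cookie`, `cookie_status` and `handle_request`, the fixed salt and the sample user are assumptions made for the example.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)      # server-side signing key (assumption: one per process)
SALT = b"constructed-salt"   # constructed; a real store keeps a random salt per user

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _pw_hash("correct horse")}   # constructed sample "db"

def _sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue_cookie(user, ip, ttl=3600, now=None):
    now = time.time() if now is None else now
    claims = {"user": user, "ip": ip, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body)

def cookie_status(cookie, ip, now=None):
    """Map a cookie to one of the statuses named in the pseudo-code, or 'Valid'."""
    now = time.time() if now is None else now
    if not cookie:
        return "Not Found"
    body, sep, sig = cookie.rpartition(".")
    if not sep:
        return "Invalid"
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return "Tampered"        # checked before any field is parsed or trusted
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
        exp, bound_ip = claims["exp"], claims["ip"]
    except (ValueError, KeyError, TypeError):
        return "Invalid"
    if now >= exp:
        return "Expired"
    if bound_ip != ip:
        return "Wrong IP"
    return "Valid"

def handle_request(cookie, ip, user=None, password=None):
    """Return (action, cookie) following the branches of the pseudo-code."""
    if cookie_status(cookie, ip) == "Valid":
        return "continue session", cookie
    if user not in USERS:
        return 'redirect to "edit-profile"', None
    if hmac.compare_digest(USERS[user], _pw_hash(password or "")):
        return "login", issue_cookie(user, ip)   # the session cookie is given here
    return "auth failed", None
```

As in the pseudo-code, the "user not in db" branch answers differently from a failed password, which tells a caller whether an account exists. Binding the cookie to an IP also logs out clients whose address changes mid-session.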