Security of logging people in automatically from another app?
Posted
by
Simon
on Programmers
See other posts from Programmers
or by Simon
Published on 2012-05-25T06:32:27Z
Indexed on
2012/06/24
9:23 UTC
Read the original article
Hit count: 372
I have 2 apps. They both have accounts, and each account has users.
These apps are going to share the same users and accounts and they will always be in sync.
I want to be able to login automatically from one app to the other.
So my solution is to generate a login_key, for example: 2sa7439e-a570-ac21-a2ao-z1qia9ca6g25
once a day. And provide a automated login link to the other app... for example if the user clicks on:
https://account_name.securityhole.io/login/2sa7439e-a570-ac21-a2ao-z1qia9ca6g25/user/123
They are logged in automatically, session created.
So here we have 3 things that a intruder has to get right in order to gain access; account name, login key, and the user id.
Bad idea? Or should I can down the path of making one app an oauth provider? Or is there a better way?
© Programmers or respective owner