Access Token Verification

Posted by DecafCoder on Programmers
Published on 2014-06-08T09:52:12Z Indexed on 2014/06/08 15:42 UTC

I have spent quite a few days reading up on OAuth and token-based security measures for REST APIs, and I am currently looking at implementing an OAuth-based authentication approach almost exactly like the one described in this post (OAuth alternative for a 2 party system).

From what I understand, the token is to be verified upon each request to the resource server. This means the resource server would need to retrieve the token from a datastore to verify the client's token. Given this would have to happen upon every request, I am concerned about the speed implications of hitting a datastore like MySQL or NoSQL upon every request just to verify the token.

Is this the standard way to verify tokens, by having them stored in an RDBMS or NoSQL database and retrieved upon each request? Or is it a suitable solution to have them cached (bearing in mind that we are talking millions of users)?
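The trade-off raised in the question, as an added example that is not part of the original post: a resource-server verifier that puts a short-lived in-process cache in front of the token datastore. `TokenStore`, `CachedVerifier`, `digest` and the 30-second TTL are hypothetical names and values, and the dict-backed store stands in for the MySQL/NoSQL table. The cache TTL bounds how long a revoked token keeps working, and a cache entry never outlives the token's own expiry.

```python
import hashlib
import time

def digest(token):
    # Store and cache only a hash, so a dump of either does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenStore:
    """Stand-in for the token table (assumption); counts lookups to show the load."""
    def __init__(self):
        self.rows = {}          # sha256(token) -> (user_id, expires_at)
        self.lookups = 0

    def issue(self, token, user_id, expires_at):
        self.rows[digest(token)] = (user_id, expires_at)

    def revoke(self, token):
        self.rows.pop(digest(token), None)

    def find(self, token_digest):
        self.lookups += 1
        return self.rows.get(token_digest)

class CachedVerifier:
    def __init__(self, store, cache_ttl=30.0, clock=time.time):
        self.store, self.cache_ttl, self.clock = store, cache_ttl, clock
        self.cache = {}         # digest -> (user_id, expires_at, cached_until)

    def verify(self, token):
        """Return the user id for a valid token, else None."""
        now = self.clock()
        key = digest(token)
        hit = self.cache.get(key)
        if hit is None or now >= hit[2]:
            # Cache miss or stale entry: go back to the datastore.
            self.cache.pop(key, None)
            row = self.store.find(key)
            # Misses and expired rows are not cached, so random tokens
            # sent by a client cannot grow the cache.
            if row is None or now >= row[1]:
                return None
            user_id, expires_at = row
            # Never cache past the token's own expiry.
            hit = (user_id, expires_at, min(now + self.cache_ttl, expires_at))
            self.cache[key] = hit
        user_id, expires_at, _ = hit
        return user_id if now < expires_at else None
```

With several resource-server instances, each one holds its own cache, so a revocation takes up to `cache_ttl` seconds to be honoured everywhere.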

© Programmers or respective owner
