Replacing basic authentication

  • Replacing basic authentication

    Hi there

    We currently use basic authentication to secure REST web services but my boss wants something more secure. In the usual boss manner, he just vaguely mentioned OAuth and left it at that.

    I've looked around but can't find any examples of how to do this; all I can tell is that perhaps the two-legged approach will work. Can anyone point me to anything that would help? Any insight would be useful at this point.

    Many thanks

  • #2

    So I wouldn't necessarily say that OAuth is "more secure" than HTTP Basic Auth (assuming over SSL, of course). OAuth has a different purpose, specifically for delegated access. Perhaps before you start applying OAuth instead of HTTP Basic, you could get more clarity from your boss about what he means by "more secure".

    But to answer your question, disabling HTTP Basic Auth and enabling OAuth is a pretty simple thing to do. Just disable the HTTP Basic filter and enable the OAuth filter. The best candidates for replacement of HTTP Basic Auth would probably be 2-legged OAuth or OAuth 2 "native application" profile.


    • #3
      Thanks for the reply. I agree, a little more specification of what's required would be useful.

      In the meantime, I'll have a go at what you suggest.

      Cheers, john
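
What HTTP Basic and the 2-legged OAuth option named in reply #2 each put in the `Authorization` header, as an added example that is not part of the thread or of any framework's code. It assumes 2-legged means OAuth 1.0 HMAC-SHA1 signing (RFC 5849) with an empty token secret; the client id, secret and URL are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(s, safe="-._~")

def basic_header(user, password):
    # HTTP Basic: the password itself is in every request (base64 is not encryption)
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def oauth1_two_legged_header(method, url, params, key, secret, nonce, timestamp):
    oauth = {"oauth_consumer_key": key, "oauth_nonce": nonce,
             "oauth_signature_method": "HMAC-SHA1",
             "oauth_timestamp": timestamp, "oauth_version": "1.0"}
    # Signature base string: METHOD & encoded URL & encoded, sorted parameters
    pairs = sorted((pct(k), pct(v)) for k, v in {**params, **oauth}.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # Two-legged: no access token, so the token-secret half of the key is empty
    mac = hmac.new(f"{pct(secret)}&".encode(), base.encode(), hashlib.sha1)
    oauth["oauth_signature"] = base64.b64encode(mac.digest()).decode()
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

def verify(header, method, url, params, secrets):
    # Server side: recompute with the stored secret, compare in constant time.
    # A real server must also reject stale timestamps and reused nonces.
    fields = {k: unquote(v.strip('"')) for k, v in
              (p.split("=", 1) for p in header[len("OAuth "):].split(", "))}
    secret = secrets.get(fields.get("oauth_consumer_key"))
    if secret is None:
        return False
    expected = oauth1_two_legged_header(method, url, params,
        fields["oauth_consumer_key"], secret,
        fields["oauth_nonce"], fields["oauth_timestamp"])
    return hmac.compare_digest(expected.encode(), header.encode())

# Constructed sample values (hypothetical client, secret and endpoint)
URL = "https://api.example.com/orders"
SECRETS = {"svc-client": "s3cret-value"}

if __name__ == "__main__":
    print(basic_header("svc-client", "s3cret-value"))
    hdr = oauth1_two_legged_header("GET", URL, {"id": "42"}, "svc-client",
                                   SECRETS["svc-client"], "n-0001", "1700000000")
    print(hdr)
    print(verify(hdr, "GET", URL, {"id": "42"}, SECRETS))   # signed request
    print(verify(hdr, "GET", URL, {"id": "43"}, SECRETS))   # parameter tampered
```

The signed header binds the method, URL and parameters to the shared secret without sending the secret, which is a different property from the transport confidentiality that SSL gives Basic.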