cross platform - Website and Native app user authorization -


i wish create functionality similar facebook or pokerstars if have used them before. apps require user login , information can accessed both browsers , native , web apps.

how can go achieving this? please advice on services research on accomplish this. current understanding. creating website in html , php , creating webservice using restful protocols , hosting them on amazon aws servers. can connect these servers in native apps? not clear on how native apps interact servers

if know of particular protocol or better server hosting service please let me know.

if i'm interpreting question correctly, looking this:

  1. the user starts either browser app or native app (perhaps mobile app)
  2. since user not have account yet, present them appropriate dialog create said account.
  3. you ask "identity service" create profile user
  4. the identity service returns token access

this in mobile network industry time. technically, have tac/acs or hss profile services, in either case, it's same thing -- dedicated service , network process that:

  1. accepts connections various clients (web, mobile, desktop...)
  2. has various primitives along database crud (create, read, update, delete) model
  3. answers requests database

if want pre-configured solution, use networked database reststyle connector example (mongodb maybe?) through in process talks nosql or sqllite database. end result same.

for commercial solutions, might @ openstack can run code on , have identity brokers might able coopt.

personally, i'd have datastore running on cloud somewhere amazon's ec2 answers restful requests such as:

  • create user given profile set, return unique token
  • delete user given token
  • update elements of profile given token

i'm leaving out necessary things security here, idea.

this has advantage can have single identity service of applications/application services. specifics given application element sub-fields in profile. gives you, not common identity broker web, desktop , mobile, single-sign-on applications. user signs in once , authenticated have. moving site site, became seamless.

lastly, place identity management, backup, security token management, etc outside of application. if later want add google authenticator second-factor authentication, don't have add every application have.

i should add don't want keep identity database on direct internet connection point. make life difficult , ahold later on. rather, want identity server have private link it. this:

  • when account created, don't store passwords, store hashes -- safer
  • have application (web or otherwise) compute key login

in case, user might enter username , password, application or website convert token. send across.

  • next, using token (and suitable security magic), use owner key
  • send key datastore , retrieve needed values
  • encrypt them blob token
  • send block
  • the application decrypts blob @ values

why this?

first, if try @ identity database, there's nothing useful. contains opaque tokens logins, , blobs of encrypted data. go ahead -- take database. don't care.

second, sniffing transport gets attacker nothing -- again, it's encrypted blobs.

this means later on, when have 5 applications using broker, , hacks network , steals database, don't care, because users never gave out logins , passwords in first place, , if did, data garbage without user key.

does help?


Comments

Post a Comment

Popular posts from this blog

jquery - How can I dynamically add a browser tab? -

since using iframes house external pages are, accounts "not preferred method" , disallowed sites (flickr, one), want dynamically generate browser tabs. e.g., when user submits form, want dynamically generate tab on browser in response submitted. e.g., might want add new tab url like: http://www.bigsurgarrapata.com/contact how in jquery? you want form target attribute action attribute. http://www.w3schools.com/tags/att_form_target.asp browsers have ultimate control on result of target attribute open new tab value of _blank. <form action="contact_submit.php" target="_blank" method="post">
Read more

node.js - Getting the socket id,user id pair of a logged in user(s) -

i have web application done using node js , in it,i have authentication system requires users log in before can access pages. have 2 pages,the homepage , updates page. from read docs,a new socket id issued when user opens tab in browser. me being admin,i know socket id of logged in user , more so,the socket id,logged in user id pair logged in users. what method can use socket id,logged in user id pair make sure broadcast realtime info users online?.
Read more

keyboard - C++ GetAsyncKeyState alternative -

i using windows.h library's getasynckeystate function define key pushed on keyboard . here program returns int value of pushed key example. #include <iostream> #include <windows.h> using namespace std; int main (){ char i; for(i=8;i<190;i++){ if(getasynckeystate(i)== -32767){ cout<<int (i)<<endl; } } return 0; } but trying make opengl simple game , function appeared slow . there function not need cycle 180 times , if statement . thanks you're trying make opengl game, you're going use glfw. if that's case can away using glfwgetkey() such: if (glfwgetkey(glfw_key_up) == glfw_press) {...} if (glfwgetkey(glfw_key_down) == glfw_press) {...} that method nicely explained in tutorial 6 opengl-tutorial.org . should start first tutorial of beginners tutorials , later intermediate tutorials . if you're going make win32 window can listen wm_keydown or wm_keyup messages , virtua
Read more