Authentication Methods - rsanchez-wsu/jfiles GitHub Wiki

I see 2 possible ways we could handle authentication.

  • API Keys
  • User ID and password

API Keys

There are a number of decisions that API keys would answer for us. For example, an API key would force us to use stateless connections. A stateless connection type is in turn best served by a REST-style interface. It would also simplify the server-side programming: the server would essentially just check authentication and then serve the request. Pathing would be handled on the client side.
Key generation doesn't matter at this point and would probably be too complicated to implement anyway. The easiest thing to do would be to load a key from a config file and use that directly as the API key.

User ID and password

This is the most common method and seems the most intuitive. Doing it right is difficult, but getting it working is easy. It would also allow us to use either stateless or stateful connection types. It complicates the server-side programming, as we would then need to manage session state.

Note

Information from class suggests that we are thinking about a stateful connection. User ID and password may be the better approach.

Password Requirements:

  • Must change password every 60 days
  • Must have at least one alphabetic character
  • Must have at least one number
  • Must have at least one special character (!, #, $, etc.)
  • Password must be at least 8 characters long

Server decryption

  • Username and password are hashed, sent, and de-hashed
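
The password requirements and the server-side check above, as an added Python sketch that is not jfiles code. Because a cryptographic hash cannot be reversed, the server here stores a salted hash and recomputes it for each login attempt instead of de-hashing. The function names, the record layout, PBKDF2-HMAC-SHA256 with its round count, and treating ASCII punctuation as the "special characters" are all assumptions.

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=60)   # "Must change password every 60 days"
MIN_LENGTH = 8                 # "at least 8 characters long"
PBKDF2_ROUNDS = 600_000        # assumed work factor, not from the page


def policy_violations(password):
    """Return the list of password requirements that `password` fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: "special character" means ASCII punctuation (!, #, $, ...).
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def make_record(password, now=None):
    """Build what the server stores: salt, derived hash and change time."""
    salt = os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest,
            "changed": now or datetime.now(timezone.utc)}


def check_login(record, attempt, now=None):
    """Return 'ok', 'expired' or 'denied' for a login attempt."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 record["salt"], PBKDF2_ROUNDS)
    # Recompute and compare in constant time; the stored hash is never reversed.
    if not hmac.compare_digest(digest, record["hash"]):
        return "denied"
    now = now or datetime.now(timezone.utc)
    return "expired" if now - record["changed"] > MAX_AGE else "ok"
```
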