Question

I am working on a RESTful web service implementation and wanted to provide security for my RESTful web service, but I don't want to take the pain of registering users and maintaining them, and asking new customers to create another account.

I was planning to piggyback on social networks' authentication like Facebook/Twitter/Google+. I read a lot of documents online and a lot of questions here on Stack Overflow, but I am still a bit off understanding how all this works.

This is what I understood from all my reading:

  1. Register an app in Facebook/Twitter/Google and get an app ID.
  2. Use a connect button in my web app; the user connects and we get back an access token from the social network site that says that the user authenticated my app.

My question is, how is this secure? If someone gets access to the access token, they can also act as the authenticated user, can't they?

Clear this confusion for me. Thanks.


Solution

You are not confused. The access token can be abused if it is obtained by an unauthorised person for as long as the token is valid. The expiration date depends on the provider (e.g. Facebook, Twitter).

So it is important to secure this token at all times (SSL for transfer and some algorithm for persistence; see also Securely storing an access token).
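As an added example (not part of the question or the answer above), the following Python sketch shows the server-side pattern that limits the damage of a leaked provider token: the API never hands the provider's access token back to the browser, it checks the token with the provider before trusting it (including that the token was issued to our own app ID, since a token for someone else's app must not log a user into ours), and it expires its own session no later than the provider token does. The provider's token-introspection endpoint is simulated by the constructed `fake_introspect` function and `FAKE_PROVIDER_DB`; real providers expose equivalents, but the field names and token values here are invented for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed app ID placeholder; a real deployment uses the ID issued by the provider.
OUR_APP_ID = "example-app-id-placeholder"
# Fixed reference clock so the example and its checks are deterministic.
NOW = 1_700_000_000.0


@dataclass
class ProviderTokenInfo:
    """What a provider's token-introspection call typically tells us (constructed shape)."""
    app_id: str      # the app the token was issued to
    user_id: str     # the provider's identifier for the user
    expires_at: float
    valid: bool


# Constructed stand-in for the provider: maps access tokens to what introspection returns.
FAKE_PROVIDER_DB: Dict[str, ProviderTokenInfo] = {
    "tok-good": ProviderTokenInfo(OUR_APP_ID, "user-42", NOW + 3600, True),
    "tok-other-app": ProviderTokenInfo("someone-elses-app", "user-42", NOW + 3600, True),
    "tok-expired": ProviderTokenInfo(OUR_APP_ID, "user-42", NOW - 10, True),
    "tok-revoked": ProviderTokenInfo(OUR_APP_ID, "user-42", NOW + 3600, False),
}


def fake_introspect(token: str) -> Optional[ProviderTokenInfo]:
    """Simulated provider call; a real one is an HTTPS request to the provider."""
    return FAKE_PROVIDER_DB.get(token)


class SessionStore:
    """Keeps provider tokens server-side and gives the client only an opaque session ID."""

    def __init__(self, introspect: Callable[[str], Optional[ProviderTokenInfo]],
                 our_app_id: str, now: Callable[[], float]):
        self._introspect = introspect
        self._our_app_id = our_app_id
        self._now = now
        self._sessions: Dict[str, dict] = {}

    @staticmethod
    def _key(session_id: str) -> str:
        # Store only a hash of the session ID, so a copied session table cannot be replayed.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def login_with_provider_token(self, token: str) -> Optional[str]:
        """Validate the token with the provider; on success return a fresh session ID."""
        info = self._introspect(token)
        if info is None or not info.valid:
            return None                      # unknown or revoked token
        if info.app_id != self._our_app_id:
            return None                      # token was issued to a different app
        if info.expires_at <= self._now():
            return None                      # provider already considers it expired
        session_id = secrets.token_urlsafe(32)   # high-entropy, unguessable
        self._sessions[self._key(session_id)] = {
            "user_id": info.user_id,
            "expires_at": info.expires_at,   # our session lives no longer than the token
            "provider_token": token,         # kept server-side, never sent to the client
        }
        return session_id

    def user_for_session(self, session_id: str) -> Optional[str]:
        """Resolve a client-presented session ID to a user, honouring expiry."""
        entry = self._sessions.get(self._key(session_id))
        if entry is None:
            return None
        if entry["expires_at"] <= self._now():
            del self._sessions[self._key(session_id)]
            return None
        return entry["user_id"]

    def logout(self, session_id: str) -> bool:
        return self._sessions.pop(self._key(session_id), None) is not None


if __name__ == "__main__":
    store = SessionStore(fake_introspect, OUR_APP_ID, now=lambda: NOW)
    sid = store.login_with_provider_token("tok-good")
    print("session issued:", sid is not None)
    print("user:", store.user_for_session(sid))
    print("other app's token accepted:", store.login_with_provider_token("tok-other-app") is not None)
```

The browser only ever sees `sid`, which is useless against the provider's API; the provider token itself stays on the server, where the answer's advice about encrypting it at rest applies.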

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow