Here's the position:
We use flasks for website application development. , We host a quiet service
Later, we find that we also need access, and we also need access to them, and we have certification tools Use the Web application for both use and lush service. Repeat with client calls (dragon), no session and cookies etc. This gives us a headache about the current authentication of lush service.
There are many ways to secure the conditional service on the Web, with client calls. But there is no easy way to get along with our current flask-login tool, as if we do not need to change our web application a lot.
So here's the question:
Is there an easy way (framework) so that the restible services can support many authentication methods (protocols) at the same time. Is this a good practice too?
Many thanks!
In modern web development (in my humble opinion), officially one of the most difficult questions is: Web authentication
Here is the principle behind it (I will answer your question in a moment).
When you create complicated users with more than a few users, especially if you are building apps that are both a website and an API service, then you always face the issue of authentication. What are you, 'are you doing again.
The ideal way to resolve these problems is to have a freelance writer on your network, some types of internal APIs that handle specially for user creation, editing and deletion. There are several advantages to doing this:
- You have a single authentication source that can use all your application components: Use your website to log in behind people's views You can use it to authenticate your API service, API requests, etc.
- You have the same service which can be manipulated by manipulative - it is very dangerous to implement a user's caching which usually occurs when you have multiple authentication Deals with methods: You can cache users for API service, but failing to cache them with the website, such problems cause problems).
- Think about this as a single service that can be extended independently of your other components: Which part of the application data is used in comparison to any other application? In most applications, this user data will require user data for every request, and it puts stress on your database / cache / whatever you are doing. By making the same service that manages the user, it makes it very good for you to easily scale this part of the application stack.
Overall, authentication is really hard.
For the past two years I have been CTO in OpenCNAm, and we had the same problem (a website and API service). In order to handle our authentication properly, we ended up building an internal authentication service described above, then using flask-logging to authenticate users through the website, and authenticating users through the API A custom method to do (only one HTTP call for our athlete)
This really works well for us, and we have thousands of requests By allowing billions (by straining each component in our stack and by focusing on the user object as separate service).
Now, I will not recommend this for apps which Very simple, or such apps that do not have many users, because there is more trouble than this.
If you are looking for a third-party solution, Stormpath looks very promising (just Do it Google).
Anyhow, hope that helps! Good luck.
- Think about this as a single service that can be extended independently of your other components: Which part of the application data is used in comparison to any other application? In most applications, this user data will require user data for every request, and it puts stress on your database / cache / whatever you are doing. By making the same service that manages the user, it makes it very good for you to easily scale this part of the application stack.
No comments:
Post a Comment