added 97 characters in body
user291864


You could look into using tokens. They would have a workflow like this:

  1. The user logs in for the first time.
  2. The server generates a new secure token and returns it to the app.
  3. The app persists the token and uses it to authenticate requests made by the user.
  4. When the token expires, the app requests that it be regenerated.

A common standard used for tokens is OAuth, and you can read more about it here.

Since your API has to receive the password every time, your application will have to store that password.

I don't see a problem with encrypting passwords and storing them: it beats storing them in clear text, that's for sure. It is a secret and the way you store secrets is by encrypting them.

There are plenty of solutions for this, dedicated to secure storage of user secrets; the choice depends largely on the platform and the technology stack you are using.

For instance, in .NET Core you would typically use Azure Vault for something like this.
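The token workflow from the answer above, as an added example that is not part of the original post: the server keeps only a hash of each issued token with an expiry, the client stores the token instead of the password, and an expired token is rejected so the app has to go back to step 1 (or rotate while still valid). The in-memory store, the one-hour lifetime and the function names are assumptions for illustration.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; real systems tune this per risk

# Constructed server-side store: sha256(token) -> (user_id, expiry timestamp).
# Only the hash is kept, so a leaked copy of this table cannot be replayed.
_issued: Dict[str, Tuple[str, float]] = {}


def _fingerprint(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Step 2: mint an unguessable bearer token and record its hash + expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _issued[_fingerprint(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token  # the app persists this, never the user's password


def authenticate(token: str, now: Optional[float] = None) -> Optional[str]:
    """Step 3: resolve a presented token to a user id, or None if unknown/expired."""
    now = time.time() if now is None else now
    fp = _fingerprint(token)
    record = _issued.get(fp)
    if record is None:
        return None
    user_id, expires_at = record
    if now >= expires_at:
        _issued.pop(fp, None)  # expired tokens are purged, never honoured
        return None
    return user_id


def rotate_token(old_token: str, now: Optional[float] = None) -> Optional[str]:
    """Step 4: exchange a still-valid token for a fresh one; the old one is revoked.

    An already-expired token cannot be rotated; the app must log in again (step 1).
    """
    user_id = authenticate(old_token, now)
    if user_id is None:
        return None
    del _issued[_fingerprint(old_token)]
    return issue_token(user_id, now)
```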
