Questions tagged [http-token-authentication]

146 questions
565
votes
8 answers

What is token-based authentication?

I want to understand what token-based authentication means. I searched the internet but couldn't find anything understandable.
csharpbaby
  • 6,125
  • 3
  • 18
  • 12
98
votes
3 answers

Is a Refresh Token really necessary when using JWT token authentication?

I'm referencing another SO post that discusses using refresh tokens with JWT. JWT (JSON Web Token) automatic prolongation of expiration I have an application with a very common architecture where my clients (web and mobile) talk to a REST API which…
98
votes
2 answers

What is the difference between JSON Web Signature (JWS) and JSON Web Token (JWT)?

I've been coding a RESTful service in Java. This is what I've understood till now: Token authorization is done using JSON Web Tokens (JWT) which have three parts: the header, the payload, and the secret (shared between the client and the server). I…
leo
  • 1,423
  • 2
  • 14
  • 23
70
votes
2 answers

Token based authentication in Web API without any user interface

I am developing a REST API in ASP.Net Web API. My API will be only accessible via non-browser based clients. I need to implement security for my API so I decided to go with Token based authentication. I have a fair understanding of token based…
49
votes
2 answers

JWT and CSRF differences

I've been reading about JWT, and from what I understand, it's a token that the server sends after a user logs in. The user will have to send that token with all future HTTP requests. This creates a stateless way for the server to verify a user's…
Caciano
  • 747
  • 1
  • 6
  • 13
46
votes
3 answers

django rest framework - token authentication logout

I have implemented the Token Authentication according to the django rest framework Docs. Form what I read, the Token Authentication of DRF is quite simple - one token per user, the token doesn't expire and is valid for use always (am I right?). I…
22
votes
2 answers

Django TokenAuthentication missing the 'Authorization' http header

I'm trying to use the TokenAuthentication with one of my views. As documented in https://www.django-rest-framework.org/api-guide/authentication/, I add the token I received from the login as an HTTP header called: 'Authorization' in the request I…
15
votes
1 answer

Implementing passport-http-bearer token with sails.js

I am trying to implement passport's passport-http-bearer strategy, but it found no user with info Bearer realm="Users". My request is a post request: {'token':'simple_access_token',} Any one has any idea why this error occurs? Also I know here req…
13
votes
1 answer

How do you implement token authentication in Flask?

I'm trying to allow users to login to my Flask app using their accounts from a separate web service. I can contact the api of this web service and receive a security token. How do I use this token to authenticate users so that they have access to…
12
votes
5 answers

Get user object from token string in DRF?

I have a token string from Django REST Framework's TokenAuthentication. I need to get the corresponding user object. How would I go about doing this?
11
votes
4 answers

Web Api OWIN - How to validate token on each request

I have two applications Client application build on ASP.NET MVC Authentication server build on Web API + OWIN Have planned authentication as follow For user login client app will make a request to authication server with logged in…
paul sim
  • 463
  • 2
  • 10
  • 23
11
votes
4 answers

How to modify token endpoint response body with Owin OAuth2 in Asp.Net Web API 2

I want to modify the response body from the token endpoint response. I've tried to intercept the /Token request with a MessageHandler but it doesn't work. I'm able to add some additional informations to the response by overriding the…
7
votes
1 answer

Bad Request (400) when using Web API Token Authentication from Angular JS

I want to establish Web API Token Authentication with Angular JS as client. I am very new to this concept of Token Authentication inside Web API. I do not want to use ASP.NET Identity default tables to add or authenticate user. I have my own…
7
votes
3 answers

How to avoid/fix "Auth0Lock is not defined" exception

I am trying to use the Auth0 for social login but I keep getting an exception of an undefined reference. This is the authentication service import { Injectable } from '@angular/core'; import { tokenNotExpired } from 'angular2-jwt'; // Avoid…
Siya Mzam
  • 4,655
  • 1
  • 26
  • 44
7
votes
1 answer

django rest framework - adding to views.obtain_auth_token

I have implemented Token Authentication with django rest framework and I can post username and password to /api-token-auth/ and get the token. url(r'^api-token-auth/', token_views.obtain_auth_token) In addition to the token, I want to get the User…
1
2 3
9 10