Authenticating User Login

S

Smeth0

New Member
Joined
Aug 12, 2015
Messages
9
Reaction score
0
I'm currently building a web app which requires the user to login from another website before logging into my own website (an authentication system). I was planning on using OAuth 2.0, but not too sure if it would be possible (or overkill). Basically, as an example this is the process I wish to accomplish:
1) User logs in from example.com.
2) After successful login, the user would then be allowed to post and interact on my website.

From what I've read, I don't think this is possible with something like OpenID Connect.
 
Here is a basic answer/solution:
User visit www.example.com
User logs in
www.example.com stores a cookie on the users device (you must know this cookie and have access to it)
Your website check if the cookie exists and if it does, reads the information and then allows the user access.
 
Hackson said:
Here is a basic answer/solution:
User visit www.example.com
User logs in
www.example.com stores a cookie on the users device (you must know this cookie and have access to it)
Your website check if the cookie exists and if it does, reads the information and then allows the user access.
Click to expand...

Please don't store user info in cookies. Only a token. Once logged in you use sessions(PHP)
 
Hackson said:
Here is a basic answer/solution:
User visit www.example.com
User logs in
www.example.com stores a cookie on the users device (you must know this cookie and have access to it)
Your website check if the cookie exists and if it does, reads the information and then allows the user access.
Click to expand...

Never knew that was possible since I read cookies were domain specific. When I read that I never bothered reading up much on cookies.
 
Last edited:
koeksGHT said:
Please don't store user info in cookies. Only a token. Once logged in you use sessions(PHP)
Click to expand...

While sessions are safer, they are stored in the server and as such he won't have access to them unless he can goes to the server. As he mentioned OAuth would be best for what he is doing as he would just need the token. This also depends on whether he will be doing any data storage that needs to have information about a user. More info please OP.
 
Hackson said:
While sessions are safer, they are stored in the server and as such he won't have access to them unless he can goes to the server. As he mentioned OAuth would be best for what he is doing as he would just need the token. This also depends on whether he will be doing any data storage that needs to have information about a user. More info please OP.
Click to expand...

I don't really need to store any user data. My main priority is to authenticate.
 
To use oauth, example.com will need to support oauth of course.

Why don't you just use google and or facebook?
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X