Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Authenticate with Ajax call #381

Closed
cb55555 opened this issue Sep 24, 2014 · 8 comments
Closed

Authenticate with Ajax call #381

cb55555 opened this issue Sep 24, 2014 · 8 comments
Labels

Comments

@cb55555
Copy link

cb55555 commented Sep 24, 2014

Is it possible to authenticate using an Ajax call? If so, is there a sample application that demonstrates this?

@brockallen
Copy link
Member

For authentication, I'd suggest looking at the OIDC spec. We do support the implicit flow, but that involves browser redirects, not via Ajax. I suspect though, there's more to your question and scenario (as with most people asking the wrong question :))

@cb55555
Copy link
Author

cb55555 commented Sep 24, 2014

I'm essentially looking to do what is described here. http://bit.ly/1m4bNoV

Here is the github repository for the code. https://github.com/tjoudeh/AngularJSAuthentication

@leastprivilege
Copy link
Member

Yes that's supported - it is called the resource owner flow and is generally not really recommended for JS based applications. As Brock said you want to look into the implicit flow.

@cb55555
Copy link
Author

cb55555 commented Sep 24, 2014

What are the issues of using that authentication paradigm with JS? Does it leave a security hole?

@brockallen
Copy link
Member

The user must enter the credentials directly into you app, so you app must be the one that owns the credentials and you don't get the benefit of SSO.

@cb55555
Copy link
Author

cb55555 commented Sep 24, 2014

Isn't that the same level of ownership that a mobile application would have--collecting the credentials and then passing it through to the identity server?

@brockallen
Copy link
Member

If the mobile app owns the account, yes. But you'd not use this approach if you wanted the user to authenticate with their google account, for example.

@cb55555
Copy link
Author

cb55555 commented Sep 24, 2014

Yes, understood.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

3 participants