Background
The two application is developed in PHP Laravel web application. In the application, App 1 and App 2 are two difference Application and being managed by two different team. App 1 is use to trim video while App 2 is use to showcase their video.
The current login method of two application is email password login.
Algorithms:
- In the App 1 (Ex. Facebook), user can login to the system and upload video together with some form details.
- App 1 then trim and process the video and save inside the FileSystem.
- After the process, App 1 then
POST
the results to App 2 (Ex. Instagram). - In the App 2, the video is then uploaded with the respective user information and showcase to public.
Problem
- How do APP 1 authenticate the user in APP 2.
- What is the best approach and most user friendly method while provide a secure authentication
The thing that I concern is the authentication part of App 2. How do we authenticate the user in App 1 before sending the videos to App 2 due to difference user login method?
Some Work that I managed to found on Google
First Way: hash(Master Key + [INFO])
- Create a master key that are known by only App 1 and App 2. Then hash the master with some extra information (Ex. time()). Then App 2 can validate the hash information with its own master key and if the result is similar then, user can pass through the authentication process and straight away post the video on App 2.
Second Way: OAUTH Token
- User have to login to the App 2 and generate OAUTH token. Then user need to submit their OAUTH token on App 1 to allows for video posting. This method is not really user friendly as this approach is somewhat the approach for developer.
Not really sure about the terminology used for this type of authentication. Feel free to let me know in the comment section. Thank you very much.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire