i'm designing a system where i have three parts:
- an app that is used by the users from the smartphone
- a web interface for back office administrations
- a backend server that serves the requests from 1 and 2
An user should have access to the system from app and backend through the same credentials.
I would use crossbar for server implementation but i'm a bit confusing about user authentication.
I have thought to use a ticket authentication.
Maybe i should use two entities A and B. The client contacts A for the ticket and after contacts B to establish a new session with the the router.
A) a ticket generator: it checks the password, controls if does not already exist a session for the user and finally generates a token.
B) an authenticator component: it uses a dynamic autentication, it receives the token, calls the auth method that checks the token previuosly generated and finally autenticates the session.
For the first entity (A) i have two options:
- create (with flask) a web service authenticator
- or create (with crossbar.io) an anonymous static autheticator using http bridge functionality. Where according to the anonymous role the client can just call the ticket generator method
I'd like to use crossbar.io for A but i don't know if it is the better solution or if it is difficult to implement. Could you give me some advice?
Lastly, i would that the methods of the server component were accessible from websocket and http because the same method could be callable from the backend (http) and from the app (websocket). I know i could use an http bridge but how to deal with the authenticator component when i use the http bridge functionality?
Thanks in advance.
Aucun commentaire:
Enregistrer un commentaire