    14.0d RESTAuthentication and ServerRestConnector question

    Hi Isomorphic,

    I read the 14.0d RESTAuthentication docs, especially the dataSource attribute. It mentions the server-side ServerRestConnector, which allows bearerToken authentication.
    This is great for server-side integration of 3rd-party APIs requiring this type of authentication.

    Out of interest: Is such a thing also possible client-side only?
    Could one, for example, create an AWS Cognito-based SmartClient application that does not use SmartClient server? Is this already possible with current Relogin?

    Thank you & Best regards
    Blama

    #2
    We haven't specifically tried it, but in general yes it should be possible, since it's possible to set httpHeaders on a DSRequest, if the service allows CORS (cross-site) requests.

    The problem is that direct client-side access to such services means that credentials for the service need to pass through the browser. This is not appropriate when the credentials being used with the service basically provide root access, which is the typical pattern for things like database connections: the app server is what limits the end user's ability to do things in the DB, not the DB itself.

    In a nutshell, you could connect to a given REST service directly from the browser if:

    1) the credentials to be used to authenticate with the service also limit the end user to only performing allowed actions

    .. and ..

    2) the service allows CORS (cross-site) requests
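
The two conditions in the reply above can be checked before a bearer token is placed in a DSRequest's httpHeaders. This is an added example, not code from the thread or from Isomorphic; the function names, the space-delimited `scope` claim and the sample values are assumptions, and it runs under Node.js.

```javascript
// Added example; all names and sample values are hypothetical and constructed.
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
// Constructed, unsigned sample token (header.payload.signature).
const sampleToken = (scope) =>
  `${b64({ alg: "none" })}.${b64({ sub: "user-1", scope })}.sig`;

// Read the claims of a compact JWT without verifying it. The service must still
// verify the signature; this only inspects what the token claims to grant.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Condition 1: return any scopes in the token that an end user must not hold.
// An empty result means the credential itself limits the user.
function excessScopes(token, allowedScopes) {
  const scopes = String(decodeJwtPayload(token).scope || "")
    .split(/\s+/)
    .filter(Boolean);
  return scopes.filter((s) => !allowedScopes.includes(s));
}

// Condition 2: would a browser accept this preflight response for a request
// from `origin` using `method` and carrying an Authorization header?
function preflightAllowsBearer(headers, origin, method) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const list = (name) =>
    (h[name] || "").split(",").map((x) => x.trim().toLowerCase()).filter(Boolean);

  const acao = h["access-control-allow-origin"];
  const originOk = acao === "*" || acao === origin;

  // GET, HEAD and POST are CORS-safelisted methods; others must be listed.
  const m = method.toLowerCase();
  const methods = list("access-control-allow-methods");
  const methodOk =
    ["get", "head", "post"].includes(m) || methods.includes("*") || methods.includes(m);

  // Authorization is never covered by "*" in Access-Control-Allow-Headers;
  // the service has to name it explicitly.
  const headerOk = list("access-control-allow-headers").includes("authorization");
  return originOk && methodOk && headerOk;
}
```
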
