How do I make my Rails 5 API-only app work with a key-pair pattern?
I can't consider JWT because of these requirements.
I want to:
- Keep track of the apps using the API
- Securely verify resource ownership without a username/password.
I could think of this process:
- User creates a new app in our web app.
- The system generates a secure public key (the app identifier) and a private key.
- User can use the key-pair to integrate the API with their apps in different languages as long as they can submit the HTTP request.
- The server will verify their key-pair and respond accordingly.
My questions:
- Is there any gem to handle key-pair generation? (just for reference)
- I would prefer to generate the key-pair myself rather than using a gem. What algorithm best suits my requirements?
- Should I expire the key-pair?
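
One way to implement the process described in the post, as an added example that is not part of the original question. It assumes the "key pair" is an app identifier plus a shared secret and that each request is signed with HMAC-SHA256; `APPS`, `MAX_SKEW` and all function names are hypothetical.

```ruby
require "openssl"
require "securerandom"

APPS = {}        # constructed in-memory stand-in for the apps table
MAX_SKEW = 300   # assumed replay window in seconds

# Issue a public identifier and a secret for a newly created app.
# The server must be able to read the secret back to recompute the HMAC,
# so a real table would store it encrypted at rest, not hashed.
def issue_credentials(app_name)
  key_id = "app_#{SecureRandom.hex(8)}"     # public, sent with each request
  secret = SecureRandom.urlsafe_base64(32)  # 256 random bits, shown once
  APPS[key_id] = { name: app_name, secret: secret }
  [key_id, secret]
end

# Client and server build the same string, so the signature covers the
# method, path, timestamp and body.
def canonical(method, path, body, timestamp)
  [method.upcase, path, timestamp.to_s,
   OpenSSL::Digest::SHA256.hexdigest(body)].join("\n")
end

def sign(secret, method, path, body, timestamp)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret,
                          canonical(method, path, body, timestamp))
end

# Constant-time comparison; in Rails, ActiveSupport::SecurityUtils.secure_compare.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the app name for a valid request, nil otherwise.
def verify(key_id, method, path, body, timestamp, signature, now: Time.now.to_i)
  app = APPS[key_id]
  return nil unless app
  return nil if (now - timestamp.to_i).abs > MAX_SKEW
  expected = sign(app[:secret], method, path, body, timestamp)
  secure_compare(expected, signature.to_s) ? app[:name] : nil
end
```

The secret itself never travels with the request; only the identifier, the timestamp and the signature do, and the returned app name is what lets the server attribute each call to an app.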