Are there any simple authentication services any of you have used to help secure cloud hosted APIs? I'd rather not go through all the hoopla of setting up Oauth, is there a simple public/private key (or anything) method anyone has used? My use case is for dot net core but I'd be interested in checking out any platform.
Thanks all!
Firebase auth is by far the simplest auth provider I've ever worked with. I work with aws cognito in my day job, and I would say for sure firebase auth is much more friendly to work with.
I'll be checking this out, thanks!
Completely agree 100%
Hi Colin,
Have you already lookat at this:
https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-web-api?view=aspnetcore-3.1&tabs=visual-studio#add-authentication-support-to-a-web-api
However when I read that you want something simpler, perhaps this post has some pointers: https://stackoverflow.com/questions/38977088/asp-net-core-web-api-authentication . Be careful with less secure methods though.
This is a nice overview of different API Authentication methods: https://blog.restcase.com/4-most-used-rest-api-authentication-methods/
Cheers,
Jeroen
There are several layers of authentication I apply based on the requirements;
Usually I try to go with a pre-made library as it takes a lot of effort and in-depth knowledge about the environment you're operating in to make sure your endpoints are secure.
Id highly recommend Auth0. It really future proofs a lot of security features.
But if you are just looking for something dead simple, you could easily roll your own. Just pass in a string and check it against a DB or JSON file.
If you are only worried about unauthorized users, then something as simple as assigning all valid users a unique "key" that must be included with every call. Although, if you are worried about securing it, it really is not much effort to implement 3rd party authentication, i.e. Google, Yahoo, Facebook signin.
basic auth. user logins with user/pass and you generate api key that is used for auth of the api
There's a lot of options out there. What cloud platform are you on? AWS for example has a service for this called cognito: https://aws.amazon.com/cognito/. Also, Auth0 is cloud platform agnostic solution that takes care of the oauth hassle for you: https://auth0.com/.