Two companies:

- MegaSocialPlatform
- CorporateCompany

CorporateCompany wants their employees to be able to reuse their current CorporateCompany.com login credentials on MegaSocialPlatform, so that their employees don't have to make another account.
CorporateCompany has a limited amount of development power and they don't have any fully fledged OAuth service implemented.
Would it be sufficient if they make an API where you just post an email/password combination, and if it's right it returns some JSON with an ID, name, etc. in there?
This ID could then be used to authenticate the user on MegaSocialPlatform.
Of course the classical systems like preventing hackers from trying more than 20 passwords are still in place.
Would there be any security issues? What other problems might arise?
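
For reference, a minimal sketch of the endpoint logic the question describes, so the design can be discussed concretely. This is an added example, not code from the post: the class name `CredentialCheckAPI`, the HTTP status codes, the JSON field names and the PBKDF2 parameters are all assumptions, and it assumes MegaSocialPlatform's server is the caller that submits the email and password.

```python
import hashlib
import hmac
import json
import os

MAX_FAILURES = 20  # the "more than 20 passwords" limit from the question


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme: salted PBKDF2-HMAC-SHA256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CredentialCheckAPI:
    """Hypothetical in-memory stand-in for CorporateCompany's check endpoint."""

    def __init__(self):
        self._users = {}     # email -> (id, name, salt, password_hash)
        self._failures = {}  # email -> consecutive failed attempts

    def add_user(self, user_id, email, name, password):
        salt = os.urandom(16)
        self._users[email.lower()] = (user_id, name, salt, _hash(password, salt))

    def check(self, email, password):
        """Handle one POST of email/password; return (status, json_body)."""
        key = email.lower()
        # Refuse before doing any password work once the limit is reached
        if self._failures.get(key, 0) >= MAX_FAILURES:
            return 429, json.dumps({"error": "locked"})
        record = self._users.get(key)
        # Hash even for unknown emails so response time and body do not
        # reveal whether the account exists
        salt, expected = (record[2], record[3]) if record else (b"\0" * 16, b"")
        matches = hmac.compare_digest(_hash(password, salt), expected)
        if record is None or not matches:
            self._failures[key] = self._failures.get(key, 0) + 1
            return 401, json.dumps({"error": "invalid_credentials"})
        self._failures.pop(key, None)  # reset the counter on success
        # The response carries only the ID and name, as in the question
        return 200, json.dumps({"id": record[0], "name": record[1]})
```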