I am currently working on enhancing user service which would be consumed by several other services. Other than offering basic CRUD functionality around users this service is also supposed to act as a SAML enabled id provider and so it needs to be able to authenticate users somehow. The current implementation looks like below
PUT /authenticate
{
Userame: {username},
Passowrd: {password}
}This returns a true or false depending on success or failure of authentication. I am thinking of changing this to be more RESTful. I am thinking on these lines.
Authentication is a process so there is real resource involved here. Should I define a new virtual resource? What should this resource be? Something that gets created when authentication succeeds? A LoggedInSession? A SecurityContext? SecurityContext sounds better. So let's design the API as below
POST /securitycontext
{
Userame: {username},
Passowrd: {password}
}Not sure if I am thinking in the right direction.
I am currently working on enhancing user service which would be consumed by several other services. Other than offering basic CRUD functionality around users this service is also supposed to act as a SAML enabled id provider and so it needs to be able to authenticate users somehow. The current implementation looks like below
This returns a
trueorfalsedepending on success or failure of authentication. I am thinking of changing this to be more RESTful. I am thinking on these lines.Authentication is a process so there is real resource involved here. Should I define a new virtual resource? What should this resource be? Something that gets created when authentication succeeds? A LoggedInSession? A SecurityContext? SecurityContext sounds better. So let's design the API as below
Not sure if I am thinking in the right direction.