javascript - Authentication with the Rest API when using an External Application

admin管理员组

文章数量:1332628

Good day!

I'm new to rest api.

My task: to make authorization and management of user meta-information on WordPress.

More specifically: I write games in html5 (in fact, this is a Java script), and I want to record the results of users in the high score table. I want to change the meta-information of a specific player (user) who is logged in. How to do this through the browser, I kind of understand in general (you need to create your own request to the api, which will change the meta-information).

My question about authorization through external applications. For example, I will compile my game for a smartphone. How can I properly organize player authorization? As I understand it, if you use something like OAuth, then the game receives a security token, but in fact this token will be the same for all users, and I do not receive authorization from a specific player, and even when trying to hack, the player can intercept this token (probably) and use it to change the results of any user using this token.

I want player to log in once when entering the application (for example, from a smartphone), and then always have this authorization. If the game is opened from the browser, then the current authorization was used (when opening from the browser, I probably of understand how to do this). The security issue is very acute in the first case, since the games are for Java script, and they actually have open source.

I also want to receive the name of the player (user), his id, and any information about a specific authorized player.

Thanks for any advice!

本文标签： javascriptAuthentication with the Rest API when using an External Application