I am currently working on a web application which has a front-end and a back-end.
The back-end has a RESTful architecture, or something that looks RESTful to me (this is my first attempt to make something RESTful).
A few weeks ago I started to implement security for the RESTful services.
I found out that there are a few ways to do that:
- Basic HTTP authentication
- OAuth 1.0
- OAuth 2.0
After some reading and watching videos on the subject this is what bugs me:
With basic HTTP authentication, the front-end application sends the username and password with every request.
Should those be the same end-user credentials, different for every user, or should they be a sort of “app credentials” for accessing the services?