API Development by Sascha Preibisch

Author:Sascha Preibisch
Language: eng
Format: epub
ISBN: 9781484241400
Publisher: Apress

API: /stepup Authenticates resource_owners

A resource_owner has been authenticated during an authorization request using username and password. Now, the same resource_owner clicks a button in his client named Transfer and the amount is $1,000,000. This is what happens: 1.Client request:

POST /transfer

Authorization: Bearer {access_token}

Content-Type: application/x-www-form-urlencoded

amount=1000000&from_account=111&to_account=222

2.API:

/transfer: the API validates the incoming request. It realizes that the original authentication statement of the resource_owner, who is associated with the given access_token, is more than 15 minutes old and has an authentication class reference (acr)8 value of 1 but it requires 3! It returns this response, requiring a new, stronger authentication:

HTTP status: 401 (authentication required)

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.