I am going to create an application which will have a regular web interface where a user can sign up, access some resources.
I am reading up on different means of authentication- Basic authentication, digest authentication, openid , oauth, oauth2…
What I want to know is, if I implement basic or digest authentication, then is it secure? Because in many sites that I visited, the talk was about oauth and how secure it is.
Open ID was also mentioned in some of the sites I visited…
The current usage scenario for which I am looking at end user authentication is for a web interface in a web app. Another usage scenario is for a JAX-RS based web service. Which means of authentication is secure for these 2 usage scenarios? Ideally I want to use the same means of auth in both scenarios…
For the user-facing part, Basic and Digest are supported by web browsers out of the box. Also form-based or OpenID auth will work if you establish the session using cookies.
If you use Basic, definitely use SSL, since password will be passed around in the message header unencrypted.
OAuth is targeted at authorizing 3rd party clients so that they can access resources owned by a user without knowing user’s password and without necessarily having the same level of access as the user themselves. I’d recommend that for the programmatic API.