I would like to have a service that stores a user's password safely while also allowing my code to retrieve that password and authenticate the user for an external API. Any ideas?
Thanks
What I would do is the following:
When the user then authenticates, redo steps 1-3 and, instead of storing the password in the datastore, compare it to the hash in the datastore; if you have a match, then the password is correct.
OR, have the user sign up and get a “passkey”, which is a random sequence of characters, have him/her hash it once (no salt) and send it to your API, then rehash it with the salt and compare that.
It all depends on how sensitive it is.
//JaggenSWE
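The second option in the answer above (a random passkey, hashed once by the client and rehashed with a salt on the server), as an added example that is not part of the original answer. SHA-256 on the client, PBKDF2-HMAC-SHA256 with 600,000 iterations on the server, the 16-byte salt and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed parameters, not taken from the answer.
PBKDF2_ITERATIONS = 600_000
HEX_DIGITS = set("0123456789abcdef")


def issue_passkey(nbytes=32):
    """Server: random passkey handed to the user once, at sign-up."""
    return secrets.token_urlsafe(nbytes)


def client_hash(passkey):
    """Client: hash the passkey once, without a salt, before sending it."""
    return hashlib.sha256(passkey.encode("utf-8")).hexdigest()


def _rehash(client_digest, salt):
    # Server-side salted, slow hash over whatever the client sent.
    return hashlib.pbkdf2_hmac(
        "sha256", client_digest.encode("ascii"), salt, PBKDF2_ITERATIONS
    )


def enroll(client_digest):
    """Server: store only a per-user salt and the salted rehash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": _rehash(client_digest, salt)}


def verify(client_digest, record):
    """Server: rehash the submitted digest with the stored salt and compare."""
    # Reject anything that is not a 64-character lowercase hex SHA-256 digest.
    if not isinstance(client_digest, str) or len(client_digest) != 64:
        return False
    if not set(client_digest) <= HEX_DIGITS:
        return False
    candidate = _rehash(client_digest, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["verifier"])


if __name__ == "__main__":
    passkey = issue_passkey()              # constructed sample value
    record = enroll(client_hash(passkey))  # what the datastore would hold
    print(verify(client_hash(passkey), record))
    print(verify(client_hash("wrong-" + passkey), record))
```

The stored record is a one-way verifier: it can confirm a submitted passkey but cannot be turned back into the passkey itself.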