Application password management
Application Type
Reactive, Service

Hi

I need to send the currently logged-in user's credentials in a REST API call. Since I can't get the user's password from OutSystems, I thought of getting it from the user directly when the page loads.

But I can't ask the user to enter the password each time they enter, so I thought of storing it somewhere securely and setting timers to expire it each day.

But how can I store it securely?

Do I have to create an entity, encrypt the password and store it?

Please suggest some ways to store it and reuse it.

Paulo Rosário

Hello Sowndhar,

Does the API you are using return any kind of token or authentication code? Being an API that requires credentials, most of them are set up like this.

If so, you can call the API on user log-in and then just store that token instead of the credentials, which is safer to do.

Hope it helps!

Paulo Rosário

Sowndhar S

Hi Paulo,

Thanks for the response.

I didn't use OAuth authentication; only with that will the application return an authentication token.

We have some problems using OAuth, so for now we decided to use basic authentication.

In that, the username and password are sent with the REST API.

Paulo Rosário
Solution

I see, in that case, that will be difficult since you cannot, by design, decrypt passwords that are stored in the DB. That is why in most cases a token-based authentication is used/required.

Do you have control over the API you want to consume? If so, I would suggest creating some kind of token-based auth for it.

Otherwise, the only real solution to your problem would be to store the encrypted user credentials in an Entity and use it to log in to the API. Be aware that this is a security risk if not done properly.

Maybe this component can help with that: Password Vault
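
One way to do the encrypted-entity fallback described in the answer above, with the daily expiry from the question, as an added example (not code from this thread, from OutSystems or from the Password Vault component). It assumes a Node.js runtime and a 32-byte key held outside the database; the record field names and sample values are hypothetical.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 24 * 60 * 60 * 1000; // daily expiry, as proposed in the question

// Encrypt the password with AES-256-GCM. The user id and expiry are bound in as
// additional authenticated data, so a row copied to another user or given a
// later expiry fails to decrypt.
function sealCredential(key, userId, password, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const expiresAt = now + TTL_MS;
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${userId}|${expiresAt}`));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  // These fields are what would be stored in the (hypothetical) entity row.
  return {
    userId,
    expiresAt,
    iv: iv.toString('base64'),
    blob: Buffer.concat([ct, cipher.getAuthTag()]).toString('base64'),
  };
}

// Returns the password, or null when the record is expired, tampered with or
// belongs to another user. null means "ask the user for the password again".
function openCredential(key, userId, record, now = Date.now()) {
  if (record.userId !== userId || now >= record.expiresAt) return null;
  try {
    const raw = Buffer.from(record.blob, 'base64');
    const iv = Buffer.from(record.iv, 'base64');
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(`${userId}|${record.expiresAt}`));
    decipher.setAuthTag(raw.subarray(raw.length - 16)); // last 16 bytes are the tag
    const body = raw.subarray(0, raw.length - 16);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong key, modified row or malformed record
  }
}

// Build the Basic authentication header value just before the REST call.
function basicAuthHeader(username, password) {
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Constructed sample values; a real key comes from a secret store, not the DB.
const demoKey = crypto.randomBytes(32);
const demoRow = sealCredential(demoKey, 'user-42', 'S3cret!pw');
console.log(basicAuthHeader('alice', openCredential(demoKey, 'user-42', demoRow)));
```

Anyone who can read both the key and the table can recover every stored password, which is the risk the answer warns about and the reason a stored token is the safer design.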

Sowndhar S

Yeah Paulo,

I also think token-based authentication would be better.

Since we have some problems in implementing this, I had to discuss this with the respective team.

Thanks Paulo.
