Login

| REST client | REST server | Authentication | Authorization |
|---|---|---|---|
| send login & password | | | |
| | get user-agent and IP values from client and send all credentials to authentication | | |
| | | check credentials | |
| | | send confirmation to authorization with all credentials | |
| | | | generate hash from user-agent and IP<br>register token, expiration time and hash in session_token |
| | | | send new session token to REST server |
| | send session token to client | | |

Session token verification

| REST client | REST server | Authorization |
|---|---|---|
| send token | | |
| | receive token and user-agent and IP values | |
| | send all credentials to authorization | |
| | | generate hash from user-agent and IP<br>check in session_token if token exists, token has not expired and hash matches |
| | | return confirmation/denial to REST server |
| | continue transaction if authorization ok | |
| | return error code if authorization failed | |
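
The Authorization steps of the two flows above, written out as an added example that is not code from the original page. Only the session_token store and its three fields (token, expiration time, hash) come from the page; the function names, column names, in-memory SQLite table, 15-minute lifetime, keyed HMAC-SHA256 as the hash, and storing a digest of the token instead of the token itself are assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

# Assumed names (not from the page): SERVER_KEY, TTL_SECONDS, column names,
# client_hash(), token_digest(), issue_token(), verify_token().
SERVER_KEY = secrets.token_bytes(32)   # keys the user-agent/IP hash
TTL_SECONDS = 900                      # assumed session lifetime

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE session_token ("
           "token_digest TEXT PRIMARY KEY, expires_at REAL NOT NULL, client_hash TEXT NOT NULL)")

def client_hash(user_agent, ip):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    parts = (user_agent.encode(), ip.encode())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def token_digest(token):
    # Only a digest is stored, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(user_agent, ip, now=None):
    """Login flow, Authorization column: runs after credentials were confirmed."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO session_token VALUES (?, ?, ?)",
               (token_digest(token), now + TTL_SECONDS, client_hash(user_agent, ip)))
    return token

def verify_token(token, user_agent, ip, now=None):
    """Verification flow: token exists, has not expired, and the hash matches."""
    now = time.time() if now is None else now
    digest = token_digest(token)
    row = db.execute("SELECT expires_at, client_hash FROM session_token "
                     "WHERE token_digest = ?", (digest,)).fetchone()
    if row is None:
        return False
    expires_at, stored_hash = row
    if now >= expires_at:
        db.execute("DELETE FROM session_token WHERE token_digest = ?", (digest,))
        return False
    return hmac.compare_digest(stored_hash, client_hash(user_agent, ip))

if __name__ == "__main__":
    ua, ip = "ExampleAgent/1.0", "192.0.2.10"   # constructed sample values
    t = issue_token(ua, ip)
    print(verify_token(t, ua, ip), verify_token(t, ua, "192.0.2.11"))
```

Because the hash covers the client IP, a client whose address changes mid-session (mobile networks, rotating proxies) fails verification and has to log in again. The user-agent is supplied by the client, so the binding narrows reuse of a copied token but does not replace transport security.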