When using finAPI, you can implement the user management and authentication model in your application in one of several ways:
1. Using finAPI as your application's user management and authentication model (recommended)
- your application reduces its own logics for the user management and authentication to a minimum, and instead delegates most of the logics to finAPI
- Your application's users are not separated from finAPI's users, but are actually the same users
- The user logs in to your application via finAPI (there are no separate user credentials for your application)
- User credentials are not stored in your application (only usernames, and maybe something like an email address for verification)
- As a result, the complexity of your application decreases, and at the same time the security of user data increases
- For more details on how to implement this scenario, see the article: Using finAPI as authentication provider
2. Using the same user credentials for your application and finAPI
- Your application has its own user management (user credentials are stored in your application)
- However, the users' credentials in your application match the user credentials in finAPI
- for finAPI authentication, your application just forwards its own user credentials to finAPI
- but your users can log into your application without finAPI being involved
3. Separate user management and authentication models for your application and finAPI
- Your application's user management and authentication is completely decoupled from finAPI
- For creating users in finAPI, your application can choose any credentials (which can be different to this user's credentials for your application)
- you can even let finAPI generate random usernames and passwords
- your application has to store the users' credentials for both your application and for finAPI
Comments
0 comments
Article is closed for comments.