I have server with some resources; until now all these resources were requested through a browser by a human user, and the authentication was made with an username/password method, that generates a cookie with a token (to have the session open for some time).
Right now the system requires that other servers make GET requests to this resource server but they have to authenticate to get them. We have been using a list of authorized IPs but having two authentication methods makes the code more complex.
My questions are:
-
Is there any standard method or pattern to authenticate human users and servers using the same code?
-
If there is not, are the methods I'm using now the right ones or is there a better / more standard way to accomplish what I need?
Thanks in advance for any suggestion.
Best Answer
Like @Ryanthal have pointed out, impersonate the server (I'll call it consumer-server) is a good shot. For me the method your are using is common, and I'm going to use a very similar one.
A little flow you can use to impersonate your server is:
For a way of reading/setting the cookie in the consumer-servers take a look here, the cookie is simply a argument passed in the response/request.
Pros:
Cons: