Many websites on the Internet allow their users to log in via a third party's account. Usually, these third parties are famous social network websites, such as Twitter, Facebook or Google. A user who wants to use this kind of authentication has to authorize the website to access some of his data. After that, he can use the website's services and resources. In this case, authentication is outsourced to the third party, which vouches for the user's validity to the website and sends it the desired data about the user.
My task is to create a travel planning web application that uses only REST technology to send and receive requests, so I do not store any information about the users or their usage. Users have to log in first; then they can use the services. The only way to authenticate is with one of their third-party user accounts.
Authentication in the OAuth protocol is based on REST, as is OpenID, which uses OAuth. OAuth specifies tokens, which transfer data from server to client, client to server and server to server in order to claim resources. I do not have to store information about signed-in users, because the application receives a token, called a Bearer token, with every request, and this token contains information about the user.
After a successful authentication, the user has to enter the place of departure, the destination and the mode of transport. The application uses third-party APIs to plan the requested trip, to query weather data and to query other useful information about the trip.
The aim of the thesis is to describe REST technology and the OAuth protocol, which uses REST to authenticate users. In addition, I present the OpenID technology, which uses the OAuth protocol. I describe the properties, advantages and disadvantages of these technologies. Furthermore, I also describe the application's framework.