When I POST a REST service, where can I get the current user password?

1
Hi, I'm currently creating a login POST on REST service. Basically, i need to pass the username and password. i got username for $currentUser/Name, but how do i get the password? is it possible to get the password? if not, any other approaches would be appreciated.
asked
2 answers
1

You cannot get the password of a user from the database if you use the recommended settings: a password is one way encrypted before it is stored in the database using BCrypt. Furthermore, if passwords were accessible from the database, this would compromise the security of you application, so this is not the way to go.

What exactly are you trying to accomplish? Does each user need to verify its identity when calling the web service?

answered
0

Hi Carlos,

What are you trying to achieve? As Rom already indicated, you cannot retrieve the plain password from a user account. However, authentication on username and password is already built in to the module, just set a security role for the microflow / data service you want to publish, and the module will verify any credentials posted with BASIC AUTH automatically.

If you need to implement a different authentication mechanism, just set a microflow name as 'security role'. This microflow will be invoked when authentication is executed, and you should be able to perform authentication using the request headers or parameters of the request. If that is the case, please elaborate a bit more on your situation to get some implementation hints.

answered