You’ll have to excuse my newbiness; it’s mostly because I’m actually a noob.
Let’s assume I’m using this package for a stateless API.
In the above docs it suggests that a user should get a token by doing
curl -X POST -H "Content-Type: application/json" http://localhost/api/login_check -d '{"username":"johndoe","password":"test"}'
which begs the question: how is this secure? Basically I’m curling to whatever server with my username and password in plain text.
Now, since I assume a lot of people use this library, I’m clearly missing something and this is in fact secure, in one way or another. But even over HTTPS I wouldn’t feel comfortable doing that.
What exactly am I missing here?
Also, why would I use a token over something much simpler, such as this (this is just an example, but it seems waaay easier in my eyes)?
submitted by /u/SmartAssUsername