Wednesday, April 5, 2017

Programmatically Login From Server Then Redirect User

I am working on setting up a server that authenticates users on their behalf.

Right now, my company has credentials to a few sites that people in the firm use to log in. Basically, we don't want to share the password with everyone.

The plan is to have a server somewhere store the credentials. Anyone who wants to use it sends a request to the server, the server authenticates with the external website and redirects the user to it (already logged in). After authentication, all new requests should go from the user directly to the site.

TLDR: Is it possible to set up a web-proxy-like server that takes requests (to log in to some site), enriches them with some credential, then once authenticated, redirects the user to it so future requests, originating directly from the user, are authenticated?

Technology restriction: Hopefully use Python (back-end code right now in Python running on GAE) or Java?

My potential solutions:

  1. Server uses Python (chosen language) and Selenium to mimic the user and authenticate. Reroute the response from the target site to the user and use the Chrome API to store cookies/access token to keep the session. Is this approach feasible/can the user stay logged in if we store the access token (OAuth) or session cookies programmatically?

  2. Server gets hold of the actual request the user sends (example - the request that was sent when the user pressed log in with some bogus credential), decrypts it (assuming HTTPS), and edits the request to use the correct credentials before forwarding it.

  3. Worst case scenario, extend solution 2 but manually construct a request from scratch that mimics the login request, including where the request is coming from etc - would the response be dropped by the user browser since they didn't initiate the request?

I am new to web development so I would bet these plans will not work due to some technological issue that I don't know about, e.g. using Selenium is website-specific and so very fragile. Also, HTTPS makes setting up proxies a lot harder. If so, please let me know where and if I can fix it.

PS: any better solution to the problem is also very appreciated! Thanks!



