I am hosting a web app which user can use to login with their account to an external API and fetch data.
The only way to authenticate within the API is via a POST request, where users enter their username and password. Once that is done, I can keep renewing the token that is being generated.
The issue I am facing is that the initial login happens within my web app. Therefore most users won't trust me with entering the same credential that they use on the other site (since technically I can steal them). Is there any way I can make that process more secure for the user?
Aucun commentaire:
Enregistrer un commentaire