I just started off in Django and want to implement this, but I am not sure whether my approach is correct or not. Can you validate?
Requirement: My server will provide a service via a URL endpoint. The client will authenticate with his credentials (an id and password supplied to him via a separate channel, so no signup page is available) and avail the service. I will do the work asynchronously and reply with the status.
My approach:
- The client will be provided a username and password via a separate channel.
- The client will make an HTTPS connection.
- The client will encrypt the password with my public key and will call my URL endpoint with id, password, data.
- I will acknowledge the request and will ping the client back when the work is done.
Things I am worried about:
- How to stop snoopers from replacing the data portion and re-forwarding the request to me.
- How to stop snoopers from reusing the encrypted password from the original request and sending their own request.
Are there any frameworks which provide this support built in? Or will this not occur at all in my current setup?
I know Django provides an authentication module, but I am not sure about its capabilities.
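
The two worries above (swapped data, reused credential) can be checked at the application layer. This is an added example, not part of the original post and not Django's own code. It assumes a per-client shared secret and uses an HMAC over id, timestamp, nonce and data in place of the public-key-encrypted password from the post; `sign`, `Verifier` and `MAX_SKEW` are hypothetical names.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)

def _frame(*parts: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def sign(secret: bytes, client_id: str, ts: int, nonce: str, body: bytes) -> str:
    """Client side: one MAC over id, timestamp, nonce and the data."""
    msg = _frame(client_id.encode(), str(ts).encode(), nonce.encode(),
                 hashlib.sha256(body).digest())
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class Verifier:
    """Server side: rejects tampered, stale and replayed requests."""

    def __init__(self, secrets: dict):
        self.secrets = secrets  # client_id -> shared secret (constructed here)
        self.seen = {}          # (client_id, nonce) -> request timestamp

    def check(self, client_id, ts, nonce, body, sig, now) -> str:
        secret = self.secrets.get(client_id)
        if secret is None:
            return "unknown client"
        expected = sign(secret, client_id, ts, nonce, body)
        # Constant-time compare; any change to the data changes the MAC.
        if not hmac.compare_digest(expected, sig):
            return "bad signature"
        # A captured request is useless once it leaves the time window.
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget nonces whose requests would now be rejected as stale anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        # Inside the window, each (client, nonce) pair is accepted only once.
        if (client_id, nonce) in self.seen:
            return "replay"
        self.seen[(client_id, nonce)] = ts
        return "ok"
```

With more than one server process, the `seen` table would have to live in a store all processes share.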