Home/ Questions/Q 3372

Querify Question Shop: Explore Expert Solutions and Unique Q&A Merchandise Latest Questions

Author
  • 61k
Asked: 2024-11-26T02:06:08+00:00

From Zero to Hero (▀̿Ĺ̯▀̿ ̿) in Authentication | Part 2

  • 61k

Authentication in simple word is just saying “Who you are😕?” for an Application. Authentication is the first step while developing an application so it is very important to understand it. In previous post we understand What is Authentication & its type.!. In this post, we're going to dive deep and understand various ways to implement authentication.

What we're going to discuss

  • ⛑Basic Auth
  • 🍪Cookie/Session Based Auth.
  • 🔑JWT
  • 🌐OpenID Connect

⛑Basic Auth

The basic authentication scheme is built into the HTTP protocol. UserID and password are Base64 encoded and send to the server with every subsequent request. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password.
For example, to authorize as xyz:pass the client would send 

Authorization: Basic eHl6OnBhc3M=
Enter fullscreen mode Exit fullscreen mode

As it should only be used with HTTPS/SSL or anyone can read the credentials.

🍪Cookie/Session Based Auth.

Alt Text
In this method, After a user securely authenticates a session ID is generated and stored in the server memory. Then that session ID is stored in the cookie in the client browser. While the user remains logged in, the cookie is sent with every subsequent request.
At each request, the server takes a look at the session cookie to read the session ID. If it matches the data stored in its memory, it sends a response back to the browser letting it know everything’s okay and ready to go.

🔑JWT

JWT Token
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JSON web tokens work in a similar way as a bank account number on a cheque, and the signature that’s placed on it to approve the transfer of money with the cheque.

🌐OpenID Connect

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

beginnerscomputersciencesecuritywebdev
Share

Leave an answer

You must login to add an answer.

Need An Account,