Christian's Wiki

Authentication / Authorization

‣ What is JWT?
❗ JWT defines a token format (not a protocol) that is used for authorization, not authentication.
‣ How does a traditional login system that uses cookies and sessions to store the user's session information work?
image
‣ How does authentication work with JWT (JSON Web Token)?
image
image
‣ What does a JWT consist of? What does it look like?
image
‣ What is in the Header of a JWT?
image
‣ What is in the Payload of a JWT?
image
image
image
image
image
❗ Claims like "iat", "exp" and "eat" are useful for security (expiring JWTs).
‣ What goes in the Signature of a JWT?
image
‣ How would a client use a JWT to authorize access to protected routes and resources?
image
‣ What is OAuth? What is the key benefit of using it?

OAuth is a delegated authorization framework (not a protocol) for REST/APIs. It enables apps to obtain limited access (scopes) to a user's data (on services like Facebook, GitHub, DigitalOcean) without giving away the user's password.

👍 It decouples authentication from authorization and supports multiple use cases addressing different device capabilities.

‣ How does OAuth work?
image
image