authentication and authorization code example
Example 1: authentication vs authorization
Authentication:
telling the system who you are,
e.g. by providing a username and password (the system then verifies that claim).
Authorization:
what you are allowed to do, based on who the system has established you are.
------ a few ways of authorizing a request (how the credential travels with it):
Basic Auth --
providing the username and password with each and every request you
make; the pair is only base64-encoded, not encrypted, so it must only be sent over HTTPS
Token based --
authenticate once to obtain a long random token
and present that token on every later request instead of the password;
similar to the visitor tag you get when you enter certain
restricted areas: issued once at the desk, shown at every door
API KEY ---
a static secret issued by the API vendor, sent as a header or query parameter;
it identifies the calling application rather than a person
Bearer Token --
a token sent in the "Authorization: Bearer <token>" header;
anyone who holds ("bears") it can use it, so it must be protected like a password
Example 2: difference between authentication and authorization
Web security systems are based on a two-step process.
The first step is authentication, which
verifies the user's identity.
The second step is authorization, which
decides which resources the user may access,
based on the identity established in the first step.
Example 3: what is authorization
Authorization usually occurs after authentication (which establishes identity).
It is the process of granting or denying access to resources:
it determines the access level or privileges of a user/client
for system resources including
files, services, computer programs, data and application features.
Example 4: what is authorization
Authorization:
It's the process of granting or denying access to resources.
Mostly it happens after authentication.
Most of the projects I worked on use a Bearer token
with a JWT in the Authorization header.
I have an endpoint that I can use to generate this token
and pass it with each request in my tests.
Different ways of making an authorized request:
1- Basic Auth
(providing the username and password along with each request)
2- API Keys
(a token provided by the API vendor;
it can be sent as a query parameter or in a header)
3- Bearer Token
(we get it by requesting it from a certain endpoint;
the best known form is the JWT (JSON Web Token))
4- OAuth2
(a much more secure way of authorizing your request;
the flow is similar to "Login with Facebook/Google";
eventually the token still gets added to the
Authorization header)
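The following is an added example, not code from the original page or any of its contributors. It models, server side and with the standard library only, the two-step process from Examples 2 and 3 and the credential schemes listed in Examples 1 and 4: step 1 (authentication) turns an Authorization header (Basic, Bearer/JWT) or an X-API-Key header into a verified identity; step 2 (authorization) checks that identity's role against a permission table. It also shows the token endpoint from Example 4: after one successful Basic login, an HS256-signed JWT is minted and reused as the Bearer token. The users, API key, permission table, HS256 key and header names are all assumptions for the demo, and the bearer verifier deliberately pins the algorithm and checks the signature before trusting any claim.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions for the demo (none of this is from the page): an HS256 server key,
# a token lifetime, and tiny constructed user / API-key / permission tables.
SECRET_KEY = b"assumed-demo-key-rotate-in-production"
TOKEN_TTL = 3600  # seconds a minted bearer token stays valid

def hash_password(password, salt):
    # Passwords are never stored in clear; only a salted PBKDF2 hash is kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {  # constructed sample users
    "alice": {"salt": b"salt-a", "role": "admin"},
    "bob": {"salt": b"salt-b", "role": "reader"},
}
USERS["alice"]["hash"] = hash_password("s3cret", USERS["alice"]["salt"])
USERS["bob"]["hash"] = hash_password("hunter2", USERS["bob"]["salt"])
API_KEYS = {"ak_demo_reader": "reader"}  # constructed vendor-issued key -> role
PERMISSIONS = {  # authorization policy: which role may perform which (method, path)
    "reader": {("GET", "/reports")},
    "admin": {("GET", "/reports"), ("DELETE", "/reports"), ("GET", "/users")},
}

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def basic_header(user, password):
    # Client side of Basic auth: the pair is base64-encoded, not encrypted, so
    # anyone who sees the header can read it back (TLS is mandatory).
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def authenticate_basic(value):
    """Authentication, Basic scheme: returns the username or None."""
    try:
        user, _, password = base64.b64decode(value).decode().partition(":")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    record = USERS.get(user)
    if record is None:
        return None
    if not hmac.compare_digest(record["hash"], hash_password(password, record["salt"])):
        return None
    return user

def issue_token(username, now=None):
    """The token endpoint: after a user has authenticated, mint an HS256 JWT
    that the client presents as a Bearer token instead of resending the password."""
    now = time.time() if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "role": USERS[username]["role"], "exp": int(now + TOKEN_TTL)}
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def authenticate_bearer(token, now=None):
    """Authentication, Bearer/JWT scheme: returns the verified claims or None.
    The algorithm is pinned and the signature checked before any claim is trusted."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":  # rejects alg=none
        return None
    expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:  # expired or missing exp
        return None
    return claims

def handle_request(method, path, headers, now=None):
    """Two-step check: 401 when authentication fails (who are you?),
    403 when authorization fails (you may not do that), otherwise 200."""
    role = None
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme == "Basic":
        user = authenticate_basic(value)
        role = USERS[user]["role"] if user else None
    elif scheme == "Bearer":
        claims = authenticate_bearer(value, now)
        role = claims.get("role") if claims else None
    elif "X-API-Key" in headers:  # API-key scheme; a ?api_key= query parameter works the same way
        role = API_KEYS.get(headers["X-API-Key"])
    if role is None:
        return 401  # step 1 failed: identity not established
    if (method, path) not in PERMISSIONS.get(role, set()):
        return 403  # step 2 failed: identity known, action not permitted
    return 200

if __name__ == "__main__":
    print(handle_request("GET", "/reports", {"Authorization": basic_header("bob", "hunter2")}))
    print(handle_request("DELETE", "/reports", {"Authorization": "Bearer " + issue_token("bob")}))
```

Note the split between the two status codes: a wrong password, an expired or tampered JWT and an unknown API key all give 401 because no identity was established, while bob's valid token trying DELETE gives 403 because his identity is known but the policy denies the action. Real deployments would use a maintained JWT library and a password hasher such as argon2 rather than the hand-rolled HS256 and PBKDF2 here; the point is the order of the checks.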