authorization and authentication code example

Example 1: authentication vs authorization

Authentication : 
				telling the system who you are 
				by providing username and password.


		Authorization : 
				things you can do according to who you are 



 ------  few ways of Authorization: 
 		Basic Auth --
 			 providing username and password for each and every request you 
             make

 		Token based 
 			generate a long token just one time 
 			and use that for the rest of the request 

 			similar to the visitor tag you get when you go to certain 
            restricted areas 


 			API KEY --- 


 			Bearer Token --

Example 2: difference between authentication and authorization

web security systems are based on a two-step process. 
The first step is authentication, which 
ensures the user identity
second step is authorization, which 
allows the user to access the various resources 
based on the user's identity.

Example 3: what is authorization

AUTHORIZation usually occures after AUTHENTICation (which establishes identity)
process of granting or denying access to resources
determines access levels or user/client privileges 
related to system resources including 
files, services, computer programs, data and application features.

Example 4: what is authorization

Authorization :
It's a process of granting or denying access to resources.
Mostly it happens after Authentatication.

Most of the projects I worked on use Bearer token
with JWT in Authorizaiton header.
I have endpoint that I can use to generate this token
and pass it to the each requests in my test.

Different ways to making authorized request:
1- Basic Auth
       (providing username and password along with each request)
2- Api Keys
       (It is provided token by the api vendor and
        it could be as query parameter or header
3- Bearer Token
       (We can get it by requesting to certain endpoint)
       Most known jwt(json web token)
4- Auth2
      (A much more secure way of authorizing your request
      The flow is similar to Login with facabook,google
       Eventually the token still get added to the 
       Authorization header)

Tags:

Misc Example