When is Basic Authorization used vs. Bearer Authorization?
- basic authorization requires you to send and use the encrypted user name and password to each endpoint to validate, also basic authorization is server side.
- bearer authorization provides you a token that is held client side and is used to validate on the server
What does the JSON Web Token package do?
- allows you to recieve JSON web tokens from the headers and using a Secret phrase read it
What considerations should we make when creating and storing a SECRET?
- the SECRET should be a none human readable that is stored on the server in a secure difficult to access spot, because if someone gets ahold of it they can have access to intercepting tokens and decoding them or authorizing themselves as someone else.
encryption
- Encryption is a means of securing data (not human readable) by encoding it mathematically such that it can only be read, or decrypted, by those with the correct key or cipher. source
token
- a stateless self-contained means of containing all the information for authentication source bearer
- The name “Bearer authentication” can be understood as “give access to the bearer of this token. The bearer is the person who holds the token. (0sou)
secret
- this is used to generate the token and must be used to read the token, without this you will be unauthorized.
JSON Web Token
- Token consists of three parts: Header, Payload and Signature. source
- The header and payload are Base64 encoded, then concatenated by a period, finally the result is algorithmically signed producing a token in the form of header.claims.signature.
Which 3 things had you heard about previously and now have better clarity on?
- Authentication Endpoint, Access Token Endpoint, Authorization Code
Which 3 things are you hoping to learn more about in the upcoming lecture/demo?
- Authentication steps, Access Token, API Endpoint
What are you most excited about trying to implement or see how it works?
- Authentication steps