      Internship #413870 Authentication and Authorization
    Arpita Gumma (arpita.gumma)
    2025-02-11 14:04
    Authentication and Authorization

    Authentication and its Types

    ---- Authentication is the process of verifying who a user is before giving them access to a system, application, or API.

    • It ensures that only authorized users can log in or access protected resources.

    • Think of authentication as a security guard checking your ID card before letting you enter a building.

    How it works:

    1. A user provides their credentials (like username & password).

    2. The system checks if the credentials match stored records.

    3. If correct, the user is granted access; otherwise, access is denied.
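The three steps above, as an added example (not part of the original notes): step 2 compares the submitted password against a stored record, but the record holds only a per-user salt and a PBKDF2 hash, never the password itself. The in-memory user table, the iteration count and the sample credentials are assumed values for the demo.

```python
# Added example: password-based authentication with salted, hashed storage.
import hashlib
import hmac
import os

# Constructed in-memory "database": username -> (salt, derived hash).
USERS: dict = {}

# Assumed work factor for the demo; production deployments tune this much higher.
ITERATIONS = 100_000
SALT_BYTES = 16
HASH_BYTES = 32  # SHA-256 digest length


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Store a fresh random salt and the derived hash; the password is discarded."""
    salt = os.urandom(SALT_BYTES)
    USERS[username] = (salt, hash_password(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Step 1 has supplied the credentials; step 2 recomputes the hash and compares
    it in constant time. Unknown users still pay the hashing cost so response
    timing does not reveal which usernames exist (step 3: grant or deny)."""
    salt, stored = USERS.get(username, (b"\x00" * SALT_BYTES, b"\x00" * HASH_BYTES))
    candidate = hash_password(password, salt)
    return username in USERS and hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(authenticate("alice", "correct horse battery staple"))  # True
    print(authenticate("alice", "wrong password"))                # False
    print(authenticate("nobody", "anything"))                     # False
```

The `hmac.compare_digest` call matters: a plain `==` on the two hashes returns early at the first differing byte, which leaks timing information about the stored value.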

    Types of Authentication

    1. Password-Based Authentication (Basic Authentication)

    2. Multi-Factor Authentication (MFA)

    3. Token-Based Authentication (JWT, OAuth, API Key)

    4. Biometric Authentication

    5. Single Sign-On (SSO)

    6. Certificate-Based Authentication

    Authorization and its Types

    ---- Authorization is the process of checking what a user is allowed to do after they have been authenticated.

    • Authentication: Security checks your ID card to verify you are an employee.

    • Authorization: Even if you’re an employee, you may not be allowed in the manager’s cabin. Your role (employee/manager) decides what areas you can access.

    How it works:

    1. User logs in (authentication).

    2. System checks their role or permissions.

    3. Grants or denies access to specific resources.

    Types of Authorization

    1. Role-Based Access Control (RBAC)

    2. Attribute-Based Access Control (ABAC)

    3. Discretionary Access Control (DAC)

    4. Mandatory Access Control (MAC)

    5. Policy-Based Access Control (PBAC)
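The authorization flow above (look up the authenticated user's role, then grant or deny), as an added example that is not part of the original notes. It implements the first two types from the list: RBAC through a role-to-permission table, and a single ABAC rule layered on top that also consults an attribute of the user and of the resource. The roles, permissions and the department rule are assumed policy for the demo, mirroring the employee/manager's-cabin illustration.

```python
# Added example: RBAC lookup with one ABAC rule, deny by default.
from dataclasses import dataclass

# Constructed role table (RBAC): role -> set of "<resource kind>:<action>" permissions.
ROLE_PERMISSIONS = {
    "employee": {"document:read"},
    "manager": {"document:read", "document:write", "cabin:enter"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str          # assigned at login (authentication), consulted here
    department: str    # attribute used by the ABAC rule


@dataclass(frozen=True)
class Resource:
    kind: str              # e.g. "document" or "cabin"
    owner_department: str  # attribute used by the ABAC rule


def is_authorized(user: User, action: str, resource: Resource) -> bool:
    """Step 2: check the user's role/permissions. Step 3: grant or deny.
    Anything not explicitly permitted is denied, including unknown roles."""
    permission = f"{resource.kind}:{action}"
    if permission not in ROLE_PERMISSIONS.get(user.role, set()):
        return False
    # ABAC rule (assumed policy): writes are confined to the user's own department.
    if action == "write" and resource.owner_department != user.department:
        return False
    return True


if __name__ == "__main__":
    staff = User("alice", "employee", "sales")
    boss = User("bob", "manager", "sales")
    sales_doc = Resource("document", "sales")
    hr_doc = Resource("document", "hr")
    cabin = Resource("cabin", "sales")
    print(is_authorized(staff, "read", sales_doc))   # True
    print(is_authorized(staff, "enter", cabin))      # False: role lacks permission
    print(is_authorized(boss, "enter", cabin))       # True
    print(is_authorized(boss, "write", hr_doc))      # False: ABAC department rule
```

Keeping the decision in one function with a default of "deny" is what makes the policy auditable: every grant traces back to either a row in the role table or the named attribute rule.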

    JWT (JSON Web Token)

    JWT (JSON Web Token) is a secure way to authenticate users in web applications.

    It allows a server to verify a user’s identity without storing session data.

    The client (browser, mobile app, or API consumer) receives a token and uses it to access protected resources.

    How JWT authentication works

    1. User Logs In

      • The user sends a username and password to the server.

      • The server verifies the credentials in the database.

    2. Server Generates a JWT Token

      • If the credentials are valid, the server creates a JWT token.

      • The token contains user details (like email or user ID).

      • The token is digitally signed using a secret key (to prevent tampering).

    3. Client Stores the Token

      • The token is sent back to the user.

      • The user stores it (usually in local storage or session storage in the browser).

    4. User Makes Requests with the Token

      • When the user makes a protected request, they send the token in the Authorization header:

      • Authorization: Bearer <JWT_TOKEN>

      • The server verifies the token.

      • If the token is valid, the user gets access to the protected resource.

    A JWT has three parts separated by a dot (.):

    -- HEADER.PAYLOAD.SIGNATURE

    1. Header contains metadata about the token. ex: { "alg": "HS256", "typ": "JWT" }

    2. Payload contains the user's data (claims). ex (constructed): { "sub": "1234", "email": "user@example.com" }

    3. Signature ensures token integrity: it is computed over the encoded header and payload with the server's secret key (HS256 in the header above), so any change to either part invalidates the token.

    State of Progress
    2025-02-07
    2025-02-10
    Arpita Gumma (arpita.gumma)
    Ajit kumar (ajit)
    2025-02-10
    Closed