What is Authentication?
Authentication is the process of verifying requests to the server to find out whether the user or client sending the request is a valid user. The result can then be used to restrict user activities (authorization) or the resources that a particular user can access.
Types of Authentication
- Server Sessions
- Authentication Tokens
Server Sessions
As the name suggests, in this method we create a session on the server for each incoming authentication request. In other words, when a user logs in to their account, we create a separate state on the server that only serves responses for that particular user.
When the server receives an authentication request, it validates the user credentials provided, creates a state on the server, and responds to the client with a unique identifier for that state or session (usually in the form of a cookie). The client sends this identifier along with every request.
This method of authentication is popular with the MVC pattern of web development, where the server serves pages in response to user requests.
Authentication Tokens
In this method, whenever the server receives an authentication request, it validates the user credentials, generates a unique id with some hashing algorithm and sends the id back to the client. The client will use this id with every request sent to the server.
This "id" is not encrypted. It is only hashed, and it includes some data that makes sense only to the server, which has to validate each request using this id.
In this case, the server does not create or store a session. It is the client's responsibility to provide the proper id along with each and every request. Therefore, the server remains stateless.
This form of authentication is very popular in Single Page Applications (SPAs) and more generally with REST APIs, since these APIs do not store state.
I will discuss how to use authentication in SPAs in my next post.
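The stateless token flow described above, as an added Python example that is not code from the original post. It assumes the "hashing" is an HMAC-SHA256 keyed with a server-side secret, which is one common choice; SECRET and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: key known only to the server

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def tag(payload):
    # Keyed hash: only a holder of SECRET can compute a matching value.
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user, ttl=900, now=None):
    """Build the id returned to the client once its credentials are validated."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user, "exp": now + ttl}).encode()
    return b64e(payload) + "." + b64e(tag(payload))

def peek_claims(token):
    """Decode the payload without the secret: the token is not encrypted."""
    return json.loads(b64d(token.split(".")[0]))

def verify_token(token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        payload = b64d(body)
        if not hmac.compare_digest(b64d(sig), tag(payload)):
            return None  # payload or tag was altered
        claims = json.loads(payload)
    except ValueError:
        return None  # malformed token
    return claims if claims["exp"] > now else None

def with_edited_subject(token, new_user):
    """Constructed test input: payload edited client-side, original tag kept."""
    claims = peek_claims(token)
    claims["sub"] = new_user
    return b64e(json.dumps(claims).encode()) + "." + token.split(".")[1]

if __name__ == "__main__":
    t = issue_token("alice", ttl=60, now=1000)
    print(peek_claims(t))
    print(verify_token(t, now=1001))
    print(verify_token(with_edited_subject(t, "admin"), now=1001))
```

The server keeps no per-user record here: everything it needs to accept or reject a request is in the token and the secret. Because the payload is readable by anyone holding the token, it should not carry confidential data.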
Stay tuned. Happy Coding!!