DEV Community

Cover image for From Zero to Hero (▀̿Ĺ̯▀̿ ̿) in Authentication | Part 2
Kushagra Mehta
Kushagra Mehta

Posted on

From Zero to Hero (▀̿Ĺ̯▀̿ ̿) in Authentication | Part 2

Authentication in simple word is just saying "Who you are😕?" for an Application. Authentication is the first step while developing an application so it is very important to understand it. In previous post we understand What is Authentication & its type.!. In this post, we're going to dive deep and understand various ways to implement authentication.

What we're going to discuss

  • ⛑Basic Auth
  • 🍪Cookie/Session Based Auth.
  • 🔑JWT
  • 🌐OpenID Connect

⛑Basic Auth

The basic authentication scheme is built into the HTTP protocol. UserID and password are Base64 encoded and send to the server with every subsequent request. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password.
For example, to authorize as xyz:pass the client would send

Authorization: Basic eHl6OnBhc3M=
Enter fullscreen mode Exit fullscreen mode

As it should only be used with HTTPS/SSL or anyone can read the credentials.

🍪Cookie/Session Based Auth.

Alt Text
In this method, After a user securely authenticates a session ID is generated and stored in the server memory. Then that session ID is stored in the cookie in the client browser. While the user remains logged in, the cookie is sent with every subsequent request.
At each request, the server takes a look at the session cookie to read the session ID. If it matches the data stored in its memory, it sends a response back to the browser letting it know everything’s okay and ready to go.

🔑JWT

JWT Token
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

JSON web tokens work in a similar way as a bank account number on a cheque, and the signature that’s placed on it to approve the transfer of money with the cheque.

🌐OpenID Connect

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

Top comments (4)

Collapse
 
srikanth597 profile image
srikanth597

Hey nice article and topic u have chosen to explain,It was indeed good.
But In your Session/Cookie based method,
U mentioned in the picture that session ID is validated against Database.
But in your explanation u mentioned it as Session ID storage in server memory and respond with Cookie.

So basically all I'm saying from my understanding after reading it,picture says one thing and explanation says other. So it's little bit misleading

Collapse
 
kushagra_mehta profile image
Kushagra Mehta

Ok, let me simplify it for you. When a session ID is created on the server side it is stored on memory-based DB like Redis/Memcached because of their high read & write. And Cookie is just a wrapper on which we store the session ID because the browser sends cookies with every subsequent request. When the server receives a request it unwrapped the cookies and extract session ID check against memory-based DB and tada🎉 you are authenticated

Collapse
 
dev_emmy profile image
nshimiye_emmy

useful article

Collapse
 
azhar9 profile image
Azhar Syed

JWT tokens could have been explained a bit more in detail.