authentication authorization code example
Example 1: difference between authentication and authorization
web security systems are based on a two-step process.
The first step is authentication, which
ensures the user identity
second step is authorization, which
allows the user to access the various resources
based on the user's identity.
Example 2: basic authorization
Authorization :
It's a process of granting or denying access to resources.
Mostly it happens after Authentatication.
Most of the projects I worked on use Bearer token
with JWT in Authorizaiton header.
I have endpoint that I can use to generate this token
and pass it to the each requests in my test.
Different ways to making authorized request:
1- Basic Auth
(providing username and password along with each request)
2- Api Keys
(It is provided token by the api vendor and
it could be as query parameter or header
3- Bearer Token
(We can get it by requesting to certain endpoint)
Most known jwt(json web token)
4- Auth2
(A much more secure way of authorizing your request
The flow is similar to Login with facabook,google
Eventually the token still get added to the
Authorization header)