Authentication and Authorization

September 2016 ยท 1 minute read

JWT

JSON Web Tokens (JWT) are a more modern approach to authentication. As the web moves to a greater separation between the client and server, JWT provides a wonderful alternative to traditional cookie based authentication models.

Good Articles:

OAuth2

(Authorization) OAuth2 is an authorization mechanism (i.e. allows you to check that a token is valid and has a specific set of scopes granted) An Introduction to OAuth 2

OpenID Connect

(Authentication and Authorization) OpenID Connect is just an authentication layer built on top of OAuth2. It is a standards specifications and there are a lot of implementations for this standard.

OpenID Connect Specifications

  • Identity Provider (IDP): offers user authentication as a service
  • Relying Party (RP): an application that outsources its user authentication function to an IDP.
  • Resource
  • User

Other products:

References: