Authentication Methods in Web Applications

There are several ways in which a user can be authenticated to a web application. Let's look at each of them one by one:

Cookie-Based Authentication

Cookies are generally used to handle user authentication in web applications. Here's a diagram that shows how this works:

[Figure: working of cookie-based authentication in web apps]

As the diagram shows, the client browser sends the login credentials to the server in a POST request. The server verifies the credentials and, on success, responds with HTTP 200 OK: it creates a session ID, stores it on the server side, and returns it to the client in a Set-Cookie: session=… header. On subsequent requests the browser sends the cookie back, the server looks the session ID up in its store, and the request is processed as that user. When you log out of the app, the session ID is cleared on both the client and the server.
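The flow above, as an added example (not code from the original article): a minimal server-side session store in plain Python, with no web framework, so the mechanics stay visible. The user database, the password and the request/response dictionaries are constructed for the example; the session ID comes from secrets.token_urlsafe so it is unguessable, and the cookie is issued with the HttpOnly, Secure and SameSite attributes a defender would expect on a session cookie.

```python
import secrets
import time
from typing import Optional

# Constructed user store. A real application stores a password hash (e.g. argon2/bcrypt),
# never the plaintext; it is kept plain here only so the example runs stand-alone.
USERS = {"alice": "correct horse battery staple"}

# Server-side session store: session ID -> {"user": ..., "expires": ...}.
# This is the state that makes the scheme "stateful": the cookie only carries the key.
SESSIONS: dict = {}
SESSION_TTL = 3600  # seconds a session stays valid after login


def parse_cookie_header(header: str) -> dict:
    """Parse a Cookie: request header such as 'a=1; session=abc' into a dict."""
    jar = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            jar[name] = value
    return jar


def login(username: str, password: str) -> Optional[dict]:
    """Handle POST /login. On success return a response carrying Set-Cookie; else None."""
    stored = USERS.get(username)
    # Constant-time comparison so timing does not leak how many characters matched.
    if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
        return None
    # 256 bits of randomness: the session ID must be unguessable, not sequential.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "expires": time.time() + SESSION_TTL}
    cookie = (
        f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age={SESSION_TTL}"
    )
    return {"status": 200, "headers": {"Set-Cookie": cookie}}


def current_user(cookie_header: str) -> Optional[str]:
    """Resolve the session cookie on a subsequent request to a username, or None."""
    sid = parse_cookie_header(cookie_header).get("session")
    if sid is None:
        return None
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if session["expires"] < time.time():
        # Expired: drop it server-side so it cannot be revived.
        SESSIONS.pop(sid, None)
        return None
    return session["user"]


def logout(cookie_header: str) -> dict:
    """Invalidate the session on the server and tell the browser to delete the cookie."""
    sid = parse_cookie_header(cookie_header).get("session")
    SESSIONS.pop(sid, None)
    expired = "session=; Max-Age=0; HttpOnly; Secure; SameSite=Lax; Path=/"
    return {"status": 200, "headers": {"Set-Cookie": expired}}


if __name__ == "__main__":
    resp = login("alice", "correct horse battery staple")
    cookie_value = resp["headers"]["Set-Cookie"].split(";")[0]
    print("after login:", current_user(cookie_value))
    logout(cookie_value)
    print("after logout:", current_user(cookie_value))
```

Note that logout removes the entry from SESSIONS as well as sending an expired cookie: clearing only the browser side would leave a stolen session ID usable until it times out.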

Token-Based Authentication

This method is on the rise as we see more and more Single Page Applications (SPAs) being made.

One of the most common ways to implement token-based authentication is to use JSON Web Tokens (JWTs). JWTs are an open standard that defines a self-contained way to transmit information between parties as JSON objects securely.

[Figure: working of token-based authentication in web apps]

When the credentials arrive from the client's browser, the server validates them and generates a signed JWT containing the user information. The token is stateless: it is never stored on the server. On subsequent requests the client sends the token to the server, which decodes it and verifies its signature before trusting the claims inside.

Third-Party Access (OAuth, API-token)

The third-party access authentication can work in two ways:

  • Via API token: this is usually the same as the JWT approach discussed above, where the token is sent in the Authorization header and handled at an API gateway that authenticates the user.
  • Via Open Authentication (OAuth): as you might have guessed from its name, OAuth is an open protocol that allows secure authentication from web, mobile, and desktop applications. This protocol authenticates against the server as a user.
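An added example (not code from the original article) that covers both the JWT flow described under token-based authentication and the API-token variant above: a server-side HS256 signer and verifier built from the standard library, plus the gateway step that pulls the token out of the Authorization: Bearer header. The signing key, claims and header values are constructed for the example. The verifier pins the expected algorithm instead of trusting the token's own "alg" field, compares signatures in constant time, and rejects expired tokens; these are the checks the "decoded in order to verify it" step has to perform.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_segment(obj: dict) -> str:
    """JSON-serialise a header or claim set into one JWT segment."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_jwt(claims: dict, key: bytes, ttl: int = 900) -> str:
    """Issue an HS256 JWT. Nothing is stored server-side: the signature is the only state."""
    now = int(time.time())
    body = dict(claims, iat=now, exp=now + ttl)
    signing_input = encode_segment({"alg": "HS256", "typ": "JWT"}) + "." + encode_segment(body)
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the token is well-formed, correctly signed and unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        provided = b64url_decode(sig_b64)
    except ValueError:  # bad segment count, bad base64, bad JSON (UnicodeDecodeError is a ValueError)
        return None
    # Pin the algorithm. Trusting header["alg"] would let an attacker-chosen value
    # (such as "none") select the verification method; the server decides that.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):
        return None
    # Only now is the payload trusted enough to read.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp < time.time():
        return None
    return claims


def authenticate_request(headers: dict, key: bytes) -> Optional[dict]:
    """API-gateway step: take the token from 'Authorization: Bearer <jwt>' and verify it."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return verify_jwt(token.strip(), key)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-do-not-reuse"
    token = sign_jwt({"sub": "alice", "role": "user"}, demo_key)
    print(authenticate_request({"Authorization": "Bearer " + token}, demo_key))
```

The design point worth noticing is the order of operations in verify_jwt: the algorithm check and signature comparison happen before any claim is read, so a forged or tampered payload never influences a decision, and expiry is enforced by the verifier rather than by whatever the token says about itself.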
