Token-Based Authentication

Spread the love

Token-Based Authentication

is a method of authentication that relies on the use of tokens to grant access to resources.

  • Token information: username, roles, permissions, expiration date, metadata
  • Can be signed with a secret key or using a public-private key pair (authenticity).
  • The user starts to authenticate and receives a token from the server for future access.
  • The user (device) only needs to authenticate once, and then he presents the token.
  • Supports OAuth2, JWS, OpenID, and others
  • Pros: stateless, the server doesn’t store user information in the session (scalability).
  • Pros: secure, the token is encrypted and signed.
  • Pros: If the token is stolen it has a limited lifespan.
  • Pros: It is not dependent on specific devices, platforms, or domains.
  • Cons: deciding about token storage, expiration time, and size.

Leave a Reply

Your email address will not be published. Required fields are marked *