Authentication Flashcards
(39 cards)
The process of verifying that someone is who they say they are.
Authentication
Reasons for authentication (3)
- Saving client-client data
- Customizing User Experience
- Authorization/Usage Control
Involves granting access to resources based on someone’s identity
Authorization
Authorization can’t happen without _______________.
Authentication
What do we need for authentication? (2)
- Credentials (username and password, or email and password)
- Authentication token or session id from the server
Two kinds of auth
- Token Based Auth
- Session Based Auth
In Token-based auth, the authenticating server gives out _______ to clients.
Tokens
A token is a _____________.
A string of data
Auth tokens are usually at least ________.
signed
A _________ message means that its origin can be verified.
signed
A __________ message means that only its intended recipient can read it.
encrypted
In a token-based website, clients send ________ for every request that needs authentication.
Auth token
Elaborate the process when a client is requesting a process that requires authentication using token-based auth.
- Client logs in using credentials then the server authenticates it.
- If authenticated, client receives auth token.
- User sends the auth token to the server instead of credentials when they ask for a webpage that needs authentication.
- Server validates the auth token.
- If validated, the requested webpage is sent to client.
What error does the client receive when they are unauthenticated?
401, unauthenticated
The authenticating server only checks the __________ of submitted tokens.
validity
Elaborate the process when a client is requesting a process that requires authentication using session-based auth.
Same as token-based, to be honest; the only difference is that what is sent this time is a session reference that the server validates.
In session-based auth, the server keeps track of a list of active sessions. It gives logged-in users a _____________ (usually in a ____________).
session id, cookie
In session-based auth, the heavy lifting is done on the side of the __________, as the ________ keeps all the session data, while in token-based auth, all session info is kept in the __________.
server, server, token
Tokens and sessions can be ________ to terminate a logged-in session as needed.
revoked
A small piece of data that the server sends to the user’s browser via a header in the response message
Cookie
Cookies are usually used by the server to tell if ______________________.
2 requests came from the same browser
3 uses for cookies
- session management
- personalization
- tracking
2 types of cookies
- session cookies
- permanent cookies
These cookies have an expiry date and time set during their creation. They are automatically deleted by the browser.
Permanent cookies