Security Intro

Objective –

  1. Meaning / structure of the security mechanism
  2. Where is it used? Use cases
  3. Implementation

Index

  1. Introduction
  2. Basic username / password
  3. JWT
  4. OAuth (micro-services)
  5. Digital Signature (NPCI)


Introduction

Session, Cookie, JWT, Token, SSO, and OAuth 2.0 – here’s what you need to know

These terms are essential for identifying, authenticating, and authorizing users online. Let’s dive in 👇

๐—ช๐—ช๐—ช-๐—”๐˜‚๐˜๐—ต๐—ฒ๐—ป๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ฒ
๐Ÿ”น Oldest & most basic method
๐Ÿ”น Browser asks for username & password
๐Ÿ”น Lacks control over login life cycle
๐Ÿ”น Rarely used today

๐—ฆ๐—ฒ๐˜€๐˜€๐—ถ๐—ผ๐—ป-๐—–๐—ผ๐—ผ๐—ธ๐—ถ๐—ฒ
๐Ÿ”น Server maintains session storage
๐Ÿ”น Browser keeps session ID
๐Ÿ”น Works mainly with browsers, not mobile app friendly

๐—ง๐—ผ๐—ธ๐—ฒ๐—ป
๐Ÿ”น Compatible with mobile apps
๐Ÿ”น Client sends token to server for validation

๐—๐—ช๐—ง (๐—๐—ฆ๐—ข๐—ก ๐—ช๐—ฒ๐—ฏ ๐—ง๐—ผ๐—ธ๐—ฒ๐—ป)
๐Ÿ”น Standard representation of tokens
๐Ÿ”น Digitally signed & verifiable
๐Ÿ”น No need to save session info server-side

๐—ฆ๐—ฆ๐—ข (๐—ฆ๐—ถ๐—ป๐—ด๐—น๐—ฒ ๐—ฆ๐—ถ๐—ด๐—ป-๐—ข๐—ป) & ๐—ข๐—”๐˜‚๐˜๐—ต ๐Ÿฎ.๐Ÿฌ
๐Ÿ”น SSO: Log in once, access multiple sites
๐Ÿ”น Uses CAS (central authentication service)
๐Ÿ”น OAuth 2.0: Authorize one site to access info on another