Authentication Flashcards

1
Q

What is Authentication?

What is Authorization?

A

Authentication is the process of verifying a client’s identity, whereas authorization is the process of verifying that a client is allowed to take a certain action.

2
Q

Who is the client?

Who is the user?

A

Client refers to the frontend program or application that’s making requests to your API (the server-side of your application). This could be a website in the browser, a mobile or desktop app, a command-line tool, Postman, or any other type of software.

User refers to the individual, human person that’s using the client application. Normally, a client application is authenticated and authorized by way of its user’s identity, which the client sends alongside requests to your API.

3
Q

What are the 4 main methods for authenticating user requests on your API endpoints?

A

1. HTTP authentication
2. API key-based authentication
3. Session/Cookie-based authentication
4. JWT/Token-based authentication

4
Q

How does basic HTTP authentication work?

A

The process of authentication checks whether a client and its user are who they say they are. With basic HTTP authentication (the simplest form of authentication), this is done via usernames and passwords.

During basic HTTP authentication, the client provides a username and password (by way of the user) encoded within the header of the HTTP request it sends to your API. Your API then reads that username and password to check if the user is registered.

5
Q

Advantages of basic HTTP authentication

A

It doesn’t require any extra storage mechanism for the username and password as they’re transmitted from the client to the API directly in the HTTP header. From there, it’s a fairly straightforward process for your API to read these values and check them against its database of registered users.

6
Q

Disadvantages of basic HTTP authentication

A

It is risky to use HTTP authentication as a general authentication scheme (i.e., beyond an initial login request). Because the username and password are sent along with every request, the credentials are more susceptible to interception and your application is more exposed to attack, especially if the connection is insecure. And because usernames and passwords don’t expire, an attacker who obtains them would have permanent access to your API.
