发表新帖
发表新帖

What is token-based authentication?

前端 未结
关注
8 1844
既然无缘
既然无缘 2020-11-22 16:39

I want to understand what token-based authentication means. I searched the internet but couldn\'t find anything understandable.

8条回答
  • 难免孤独
    难免孤独 (楼主)
    2020-11-22 17:22

    Token Based (Security / Authentication)

    means that In order for us to prove that we’ve access we first have to receive the token. In a real life scenario, the token could be an access card to building, it could be the key to the lock to your house. In order for you to retrieve a key card for your office or the key to your home, you first need to prove who you are, and that you in fact do have access to that token. It could be something as simple as showing someone your ID or giving them a secret password. So imagine I need to get access to my office. I go down to the security office, I show them my ID, and they give me this token, which lets me into the building. Now I have unrestricted access to do whatever I want inside the building, as long as I have my token with me.

    What’s the benefit of token based security?

    If we think back on the insecure API, what we had to do in that case was that we had to provide our password for everything that we wanted to do.

    Imagine that every time we enter a door in our office, we have to give everyone sitting next to the door our password. Now that would be pretty bad, because that means that anyone inside our office could take our password and impersonate us, and that’s pretty bad. Instead, what we do is that we retrieve the token, of course together with password, but we retrieve that from one person. And then we can use this token wherever we want inside the building. Of course if we lose the token, we have the same problem as if someone else knew our password, but that leads us into things like how do we make sure that if we lose the token, we can revoke the access, and maybe the token shouldn’t live for longer than 24hours, so the next day that we come to the office, we need to show our ID again. But still, there’s just one person that we show the ID to, and that’s the security guard sitting where we retrieve the tokens.

    0 讨论(0)
 看不清?
提交回复
热议问题