
Authentication progression

✅ API key

  1. The user is issued an API key
  2. To call a protected API, the user sends the key with the request
  3. On each request, the application looks up the user's identity by the key
  4. The application responds with the information tied to that key

πŸ‘ŽπŸ»

  • If the key is leaked, it is difficult to fix
  • To limit the impact of a leak, the key must be rotated frequently

✅ OAuth2

  1. The application sends the user to the OAuth service to log in
  2. The OAuth service authenticates the user and returns a token

πŸ‘ŽπŸ»

  • The token still has to be verified with the OAuth service
  • The token expires

✅ JWT

A JWT carries its own verification (a signature), so there is no need to ask the issuer to verify the token on each request

πŸ‘ŽπŸ»

  • The token itself carries a lot of sensitive data
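As an added example (not code from the original post), a minimal HS256 JWT issue/verify pair in Python using only the standard library: verification needs nothing but the shared secret, so no round trip to the issuer, while `read_payload_without_verifying` shows the drawback above, that the claims are only base64url-encoded and readable by anyone holding the token. The secret and claim values are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample secret; a real service loads it from a secret store.
SECRET = b"example-signing-key-not-for-production"

def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as the JWT format requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact HS256 JWT: header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(o, separators=(",", ":")).encode()) for o in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, secret: bytes = SECRET, now=None):
    """Verify locally with the shared secret: no call to the issuer is needed.
    Returns the claims, or None on bad structure, wrong alg, bad signature or expiry."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm; never let the token choose it (e.g. "none").
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64/JSON or wrong number of segments
        return None
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        return None
    return claims

def read_payload_without_verifying(token: str) -> dict:
    """The drawback: the payload is only base64url-encoded, not encrypted,
    so anyone holding the token can read every claim without the secret."""
    return json.loads(_b64url_decode(token.split(".")[1]))
```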

This post is licensed under CC BY 4.0 by the author.