-

How to secure Your App with Auth0

https://manage.auth0.com/dashboard/us/dev--15yis6i/    -- Google mail


Auth0 provides authentication and authorization as a service.

Rapidly integrate authentication and authorizatin for web, mobile and legacy applications so you can focus on your core business.


How to Secure your App

1) Form based Login
2) JWT Token Based And Password less
3) Machine to Machine


Agenda

Authentication vs. authorization.
OAuth 2.0 and its flows.



Implementing authorization code grant flow with OpenID in a React app with popup and redirection UX.


Authentication vs. Authorization


Authentication means that we only want to identify the user who’s trying to log into an application. It’s a way of identifying the users to make sure they are who they are claiming to be.


simple example is username/password


Authentication --- who are you

Authorization --- Are you allowed

Authorization, on the other hand, is a way of “authorizing” the logged-in user to access the protected resources. The authorization process generally succeeds authentication.

An example would be an API key through which you can access the developer’s REST API. Or, simply something like a Google access token to access Google resources, such as Google Drive.


OAuth2 flow

Authorization Code Grant :

A code is issued and used to obtain the access_token. This code is released to a front-end application after the user logs in. The access_token instead, is issued server side, authenticating the client with its password and the obtained code.

client Credential Grant :

the access_token is issued on the server, authenticating only the client, not the user.

Password Grant:

the access_token is issued immediately with a single request containing all login information : username, user password, client id, and client secret.

oAuth Flow

Authorization Grant




The Involved Actors

User :

CLient App

Authorization Server

Resource Server

The Flow


https://itnext.io/an-oauth-2-0-introduction-for-beginners-6e386b19f7a9


Comments

Post a Comment

Popular posts from this blog

-
Node Js Non-Blocking IO Overview of Blocking vs Non-Blocking This overview covers the difference between  blocking  and  non-blocking  calls in Node.js. This overview will refer to the event loop and libuv but no prior knowledge of those topics is required. Readers are assumed to have a basic understanding of the JavaScript language and Node.js  callback pattern . "I/O" refers primarily to interaction with the system's disk and network supported by  libuv . Blocking Blocking  is when the execution of additional JavaScript in the Node.js process must wait until a non-JavaScript operation completes. This happens because the event loop is unable to continue running JavaScript while a  blocking  operation is occurring. In Node.js, JavaScript that exhibits poor performance due to being CPU intensive rather than waiting on a non-JavaScript operation, such as I/O, isn't typically referred to as  blocking . Synchronous methods in t...
Read more
-
Python for Everyone Course  Link :  http://www.py4inf.com/ Book with all materials and lessons :  https://www.py4e.com/ PPTS :
Read more
-
Geoserver Print Module Geoserver print process involves two steps. First at the  server side , you have to configure your yaml file, called config.yaml. Go through the detailed documentation at  MapFish print module documentation page . Once this done, the second step is for  client side . Considering you are using openlayers for your front-end, in order to get the list of visible layers, you will need a simple loop with visibility check, e.g. var layers = "" ; for ( var i = 0 ; i < map . layers . length ; i ++) { if ( map . layers [ i ]. visibility == true ){ //get a string of visible layers layers = layers + map . layers [ i ]. name + ',' } } //remove the trailing ',' layers = layers . slice ( 0 , - 1 ); var maptitle = "This is the map title" ; var mapcomment = "This is the map comment" var printurl = "http://host:post/geoserver/pdf/print.pdf?spec={" units ...
Read more