Authentication, authorization and permission checks, with a comparison of authentication modes

Permission terminology

A complete authorization process consists of four steps: authentication (identify), authorization (authorize), authorization check (authcheck) and permission check (authenticate).

  1. Authentication (identify): the client presents identity credentials to the server, which confirms the client's identity. Identity credentials are typically Username/Password, ClientId/ClientSecret, AppId/AppSecret, etc.

  2. Authorization (authorize): once authentication has passed, the server issues an authorization credential to the client and maintains it. Authorization credentials are typically a SessionID, an OAuth2 Token or a JWT Token; authentication and authorization are usually performed back to back.

  3. Authorization check (authcheck): before the client accesses a restricted resource, auth middleware checks whether the client has already been authenticated and authorized. Some modes require the client to present the authorization credential in the HTTP request header field Authorization.

  4. Permission check (authenticate): building on authcheck, further verifies whether the current identity holds sufficient rights to access the resource. Permission-check mechanisms include OAuth2 scope-based permission groups, the HttpBasic realm protection domain, web RBAC/ACL permission systems, etc.
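The four steps above, run end to end as an added example that is not part of the original article. It models the stateful (Session-style) variant: identify verifies a salted PBKDF2 password hash in constant time, authorize issues an opaque session id kept in a server-side store, authcheck is the middleware that resolves the Authorization header, and authenticate is the scope-based permission check. The user record, salt and scope names are constructed for the example; the function names identify/authorize/authcheck/authenticate follow the article's labels.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256; the clear-text password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store (username -> salt, password hash, granted scopes).
# A real system generates a random salt per user with os.urandom(16).
_SALT = b"constructed-static-salt"
USERS: Dict[str, dict] = {
    "alice": {
        "salt": _SALT,
        "hash": _hash_password("correct horse", _SALT),
        "scopes": {"orders:read"},
    },
}

# Server-side state behind the opaque authorization credential (the "Session" mode).
SESSIONS: Dict[str, dict] = {}

def identify(username: str, password: str) -> Optional[str]:
    """Step 1, authentication: verify identity credentials. Returns the username or None."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password.
        _hash_password(password, _SALT)
        return None
    candidate = _hash_password(password, record["salt"])
    return username if hmac.compare_digest(candidate, record["hash"]) else None

def authorize(username: str) -> str:
    """Step 2, authorization: issue an opaque session id and keep its state on the server."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"sub": username, "scopes": set(USERS[username]["scopes"])}
    return session_id

def authcheck(headers: Dict[str, str]) -> Optional[dict]:
    """Step 3, authorization check: middleware reads the Authorization header and
    resolves the credential against the session store. Returns the session or None."""
    scheme, _, credential = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not credential:
        return None
    return SESSIONS.get(credential)

def authenticate(session: dict, required_scope: str) -> bool:
    """Step 4, permission check: does this identity hold the scope the resource needs?"""
    return required_scope in session["scopes"]

def handle_request(headers: Dict[str, str], required_scope: str) -> int:
    """Order used by the middleware: authcheck first, then the permission check.
    Returns the HTTP status the server would answer with."""
    session = authcheck(headers)
    if session is None:
        return 401  # no valid credential: the client must authenticate and get one
    if not authenticate(session, required_scope):
        return 403  # known identity, but it lacks the permission for this resource
    return 200

def login_and_call(username: str, password: str, required_scope: str) -> int:
    """Full flow: identify -> authorize -> request carrying the credential."""
    user = identify(username, password)
    if user is None:
        return 401
    sid = authorize(user)
    return handle_request({"Authorization": f"Bearer {sid}"}, required_scope)

if __name__ == "__main__":
    print(login_and_call("alice", "correct horse", "orders:read"))   # 200
    print(login_and_call("alice", "correct horse", "orders:write"))  # 403
    print(login_and_call("alice", "wrong", "orders:read"))           # 401
    print(handle_request({"Authorization": "Bearer forged"}, "orders:read"))  # 401
```

Because the credential is an opaque id, the server can revoke it at any time by deleting the SESSIONS entry; that is the flip side of this mode being stateful.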

Authentication Mode Comparison

  • HttpBasic: lowest development cost; stateless authentication (although browsers can maintain it automatically); provides realm-based permission granularity for protecting grouped sets of interfaces; suitable for intranet communication.

  • Session: average development cost; stateful authentication; can be combined with a permission system to protect resources by RBAC/ACL grouping; suitable for Web login scenarios.

  • Signature: average development cost; stateless authentication; no support for permission checks; suitable for communication with a single service interface.

  • OAuth2: slightly higher development cost; stateful authentication; provides scope-based permission granularity for protecting grouped sets of interfaces; suitable for enterprise open platforms.

  • JWT: average development cost; stateless authentication (its self-contained nature keeps the authenticated identity continuous and portable across platforms); can be combined with a Web permission system; suitable for cross-platform stateless login authorization, and can also give OAuth2 a simplified, storage-free authorization mechanism.
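The stateless modes in the comparison, as an added example that is not part of the original article: a self-contained HMAC-signed token in the JWT spirit (claims plus signature, so the server keeps no per-token record and checks it by recomputing the MAC) with a scope-based permission check of the kind the text attributes to OAuth2, alongside the HttpBasic pieces, the realm challenge and the credential parser. The token format, signing key, claim names and realm are constructed for the example; it is not a standards-compliant JWT, and the caveat a practitioner should notice is that a stateless token cannot be revoked individually before it expires without reintroducing server-side state (a denylist).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

# Constructed signing key; a real service loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(sub: str, scopes: List[str], ttl: int, now: Optional[float] = None) -> str:
    """Issue a self-contained token: base64url(claims) '.' base64url(HMAC-SHA256(claims)).
    Everything needed to check it travels with it; the server stores nothing."""
    issued = int(now if now is not None else time.time())
    claims = {"sub": sub, "scope": " ".join(scopes), "exp": issued + ttl}
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Stateless authcheck: recompute the MAC, compare in constant time, then check expiry.
    Returns the claims or None. Without a server-side record there is nothing to delete,
    so a single token cannot be revoked early; only expiry (or a denylist) ends it."""
    body, _, sig = token.partition(".")
    if not body or not sig:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _unb64url(sig)):
            return None
        claims = json.loads(_unb64url(body))
    except (ValueError, UnicodeDecodeError):
        # bad base64 or bad JSON; json.JSONDecodeError is a ValueError subclass
        return None
    current = now if now is not None else time.time()
    if not isinstance(claims, dict) or claims.get("exp", 0) <= current:
        return None
    return claims

def has_scope(claims: dict, required: str) -> bool:
    """Scope-grouped permission check over the space-separated scope claim."""
    return required in claims.get("scope", "").split()

# HttpBasic is stateless too; its grouping granularity is the realm.

def basic_challenge(realm: str) -> str:
    """Value of the WWW-Authenticate header sent with a 401 to name the protection domain."""
    return f'Basic realm="{realm}", charset="UTF-8"'

def parse_basic(authorization: str) -> Optional[Tuple[str, str]]:
    """Decode 'Authorization: Basic base64(user:password)'. Returns (user, password) or None."""
    scheme, _, credential = authorization.partition(" ")
    if scheme != "Basic" or not credential:
        return None
    try:
        raw = base64.b64decode(credential, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

if __name__ == "__main__":
    token = mint_token("alice", ["orders:read"], ttl=60)
    claims = verify_token(token)
    print(claims and has_scope(claims, "orders:read"))   # True
    print(verify_token(token + "x"))                     # None (signature no longer matches)
    print(basic_challenge("intranet"))
    print(parse_basic("Basic YWxpY2U6czNjcmV0"))         # ('alice', 's3cret')
```

Note the trade-off the comparison hints at: the Session mode above can revoke a credential by deleting it, while here revocation requires either waiting for exp or adding the very server-side store the stateless design set out to avoid.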
