Class 10 Reading - morgan-401-advanced-javascript/seattle-javascript-401n14 GitHub Wiki

Read

Read Basic Auth

link

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the base64 encoding of id and password joined by a single colon (:).
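Added example (not from the linked article or this course's code): the Basic Authorization header built and parsed exactly as described, using only Node's built-in Buffer. The credentials are constructed sample values; the parser returns null for anything it cannot decode so a server can answer with 401 instead of guessing.

```javascript
// Added example: build and parse an HTTP Basic Authorization header.
// Uses only Node.js built-ins (Buffer); all sample values are constructed.

// Encode "id:password" as base64 and prefix the "Basic " scheme.
function buildBasicAuthHeader(id, password) {
  if (id.includes(':')) {
    // The user-id may not contain a colon: the first colon is what the
    // server uses to split id from password after decoding.
    throw new Error('user id must not contain ":"');
  }
  const credentials = Buffer.from(`${id}:${password}`, 'utf8').toString('base64');
  return `Basic ${credentials}`;
}

// Parse an Authorization header value back into { id, password }.
// Returns null on anything malformed (wrong scheme, bad base64, no colon).
function parseBasicAuthHeader(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Basic\s+([A-Za-z0-9+\/]+=*)$/i.exec(headerValue.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep === -1) return null; // no colon means these are not Basic credentials
  // Only the FIRST colon separates the fields; the password itself may contain colons.
  return { id: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constructed sample: what a client would send for user "alice", password "s3cret:pw".
const sampleHeader = buildBasicAuthHeader('alice', 's3cret:pw');
console.log(sampleHeader); // Basic YWxpY2U6czNjcmV0OnB3
console.log(parseBasicAuthHeader(sampleHeader)); // { id: 'alice', password: 's3cret:pw' }
```

Because the header is only base64, not encryption, the decoded credentials are visible to anyone who sees the request; Basic Auth is only as confidential as the TLS connection carrying it.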

Read Intro to JWT

link

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Therefore, a JWT typically looks like the following.

xxxxx.yyyyy.zzzzz

Read OWASP Auth CheatSheet

link

  • Authentication is the process of verifying that an individual, entity or website is who it claims to be. Authentication in the context of web applications is commonly performed by submitting a username or ID and one or more items of private information that only a given user should know.

  • Session Management is a process by which a server maintains the state of an entity interacting with it. This is required for a server to remember how to react to subsequent requests throughout a transaction. Sessions are maintained on the server by a session identifier which can be passed back and forward between the client and server when transmitting and receiving requests. Sessions should be unique per user and computationally very difficult to predict.

Bookmark

bcrypt docs

link

jsonwebtoken docs

link