[Draft] Authentication - vinhtbkit/bkit-kb GitHub Wiki
Terms
Identity Provider (IdP)
- Service that stores user identities and verifies them (performs the actual authentication) on behalf of other applications
Service Provider (SP)
- Federation partner that provides a service to the user and relies on the IdP's authentication result instead of checking credentials itself
Types of authentication
Password authentication
User remembers a username / password pair and presents it to authenticate
Implementation:
Cons:
- Vulnerable to attacks (phishing, man in the middle when not sent over TLS, brute force, password guessing, credential stuffing with passwords reused from other breaches ...)
- Passwords can be exposed in a server breach if they are stored in plaintext or with a fast unsalted hash; store only salted, slow hashes (PBKDF2, bcrypt, scrypt or Argon2)
Token authentication
User provides credentials once and the Identity Provider issues an authentication token, which the client presents on later requests instead of the credentials until the token expires. The token is a bearer secret: anyone who obtains it can use it, so it must be sent only over TLS, kept short-lived, and be either signed (so the server can detect tampering) or an opaque random value the server looks up.
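A minimal signed token of the kind described above, as an added example that is not code from the original wiki page. The server issues base64url(payload).base64url(HMAC-SHA256(key, payload)) with subject, issue time and expiry, and verification checks the MAC in constant time before reading a single claim, then rejects expired tokens. SERVER_KEY is a hypothetical constant standing in for a key loaded from a secrets manager.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical server-side signing key (an assumption for this example).
# A real deployment loads it from a secrets manager and rotates it; it never lives in source.
SERVER_KEY = b"example-signing-key-rotate-me"


def _b64url(data: bytes) -> str:
    """base64url without padding, the usual wire form for tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Restore padding and decode; raises binascii.Error on malformed input."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, ttl_seconds: int, key: bytes = SERVER_KEY,
                now: Optional[float] = None) -> str:
    """Issue base64url(payload).base64url(HMAC-SHA256(key, payload)).

    The payload carries subject, issue time and expiry; the MAC makes any change to it
    detectable, so the server does not have to store the token.
    """
    issued = int(time.time() if now is None else now)
    claims = {"sub": user, "iat": issued, "exp": issued + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode("utf-8")
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64url(payload) + "." + _b64url(sig)


def verify_token(token: str, key: bytes = SERVER_KEY,
                 now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the MAC is valid and the token is unexpired, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _b64url_decode(payload_b64)
        sig = _b64url_decode(sig_b64)
    except (ValueError, binascii.Error):
        return None
    # Constant-time MAC check first: nothing in the payload is trusted until it passes.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    current = time.time() if now is None else now
    if not isinstance(claims, dict) or current >= claims.get("exp", 0):
        return None
    return claims


if __name__ == "__main__":
    tok = issue_token("alice", ttl_seconds=300)
    print(tok)
    print(verify_token(tok))            # claims dict
    print(verify_token(tok + "A"))      # None: signature no longer matches
```

The `now` parameter exists only so expiry can be exercised deterministically; production code leaves it unset. Note that the MAC covers the whole payload, so an attacker who edits `exp` or `sub` invalidates the token, which is exactly what makes the server-side lookup unnecessary.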
Biometric authentication
Multi-factor authentication (MFA)
An authentication factor is a category of evidence that verifies a user's identity; MFA requires proofs from at least two different categories, so stealing one of them (e.g. the password) is not enough on its own.
- Knowledge factor: what the user knows (password, PIN, ...)
- Can be guessed, phished or stolen from a breached database
- Possession factor: what the user owns (mobile device, OTP device or app, SIM card, hardware security key ...)
- Much more difficult to attack remotely, although SMS / SIM-based codes are exposed to SIM swapping and OTP codes can still be phished in real time; FIDO2 / WebAuthn security keys resist phishing because the response is bound to the site's origin
- Inherence factor: what the user is (fingerprints, face recognition, ...)
Authentication protocols
LDAP
SAML
OIDC
API Authentication methods
Basic authentication
- Authenticate using username + password, sent with every request
- Format:
Authorization: Basic XXXX
where XXXX is the Base64 encoding of username:password (RFC 7617). Base64 is an encoding, not encryption, so the credentials are readable by anyone on the path; use Basic authentication only over TLS.
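An added example (not code from the original wiki page) that ties the Basic format above to the password-storage point from the Password authentication section: the server decodes the header, splits on the first colon only (the username may not contain one, the password may), and checks the password against a salted PBKDF2-HMAC-SHA256 hash in constant time, so a leaked credential table does not leak passwords. The user store and the Aladdin / "open sesame" credentials are constructed for the example; the latter are the RFC 7617 sample.

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256; a slow hash is what makes an offline attack
# on a leaked table expensive. Tune upward as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def parse_basic_header(value: str) -> Optional[Tuple[str, str]]:
    """Parse the value of 'Authorization: Basic <base64(user:pass)>' per RFC 7617.

    Returns (username, password), or None when the header is not well-formed.
    """
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # The username cannot contain ':'; the password can, so split on the first one only.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def authenticate(header_value: str, store: Dict[str, Tuple[bytes, bytes]]) -> Optional[str]:
    """Return the authenticated username, or None on any failure."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    user, password = creds
    record = store.get(user)
    if record is None:
        # Hash anyway so an unknown user does not answer faster than a wrong password.
        verify_password(password, b"\x00" * 16, b"\x00" * 32)
        return None
    return user if verify_password(password, *record) else None


# Constructed user store: RFC 7617's example credentials "Aladdin" / "open sesame".
USERS: Dict[str, Tuple[bytes, bytes]] = {"Aladdin": hash_password("open sesame")}


if __name__ == "__main__":
    print(authenticate("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", USERS))   # Aladdin
    print(authenticate("Basic YWxpY2U6cGE6c3M=", USERS))               # None: unknown user
```

The dummy hash on the unknown-user path keeps response time roughly the same for "no such user" and "wrong password", which stops a remote attacker from enumerating valid usernames by timing. Swap PBKDF2 for bcrypt, scrypt or Argon2 where those libraries are available; the parsing and comparison logic stays the same.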
API keys
- A long random secret issued to a client application and sent in a custom header or a request parameter to authenticate the request; it identifies the calling application rather than an end user, so it should be stored server-side only as a hash and be revocable. Prefer a header over a URL query parameter, which ends up in proxy and access logs.
OAuth2
- Often uses a Bearer token sent in the Authorization header (Authorization: Bearer <access_token>)
- More details: https://github.com/sonyynosification/bkit-kb/wiki/OAuth2-overview